The required anti-fake token was not specified or was invalid - only Safari

Question

The required anti-fake token was not specified or was invalid - only Safari

I have an asp.net mvc 2 project with typical xss protection

<%=Html.AntiForgeryToken() %>inside each form and [ValidateAntiForgeryToken]for each Post action.

This works in both Chrome, Firefox, and IE.

But I get the following error in Safari (v 5.1.7).

System.Web.Mvc.HttpAntiForgeryException: The necessary anti-fake token was not specified or was invalid.

I see that the reason for the exception is that the cookie created RequestValidationTokenhas an invalid expiration date Mon, 01 Jan 2001, while in other browsers the value is correctly set Session.

How can I get Safari to stop setting a dummy expiration date for my Anti-Forgery cookie?

+5

safari cookies asp.net-mvc

Forty-two Feb 12 '13 at 13:46

source share

1 answer

MOP · Answer 1 · 2013-04-19T01:58:16+0000

I solved this problem by removing the “negotiation” from the list of authentication providers in IIS.

Similar to this safari issue:

Windows authentication issue with Safari 5.x on Windows 7

The required anti-fake token was not specified or was invalid - only Safari

More articles: