0

I am developing an orchard module, for which I have the "AntiForgery: Enabled" in the module.txt file.

However, I need a single action to skip the antiforgery check.

I have tried both,

[OverrideAuthorization]
[AllowAnonymous]

on the action with no success as I am still getting the following error when redirecting to the action from a thirdparty application.

The required anti-forgery form field "__RequestVerificationToken" is not present.

I have also tried solutions such as Override Authorize Attribute in ASP.NET MVC

Any ideas as to why this would not work within an Orchard module?

Community
  • 1
  • 1
scully
  • 69
  • 1
  • 1
  • 4
  • Why do you need to skip request validation? – Bertrand Le Roy Aug 01 '14 at 08:23
  • During the payment process we open a popup to another site for validation on the credit card, that site then verifies the card and posts the response back to our site. It is at this point that the above error occurs. – scully Aug 01 '14 at 09:03

1 Answers1

0

I have unfortunately had to update the Orchard.Framework.dll as seen here - Opt out Antiforgery token per method

The problem with this is that anytime we upgrade to a new version of Orchard we then need to keep this in mind and re-implement it.

There has however been a pull request - Fix for issue 19384, so hopefully will form part of future versions of Orchard

scully
  • 69
  • 1
  • 1
  • 4