Validation of Anti-XSRF token failed

  • Question

  • User1753528066 posted

    I used the CreateUserWizard to create a sign up form for a new user. A user record is created in the db. However when clicking the 'continue' button the above error occurs. I have read the posts on this subject and tried changing the ViewStateMode, but that does not work.

    Any help would be appreciated.

    I am using vwd express 2012.

    John

    Validation of Anti-XSRF token failed. 
      Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
    
     Exception Details: System.InvalidOperationException: Validation of Anti-XSRF token failed.
    
    Source Error: 
    
    
    
    Line 39:             If (Not DirectCast(ViewState(AntiXsrfTokenKey), String) = _antiXsrfTokenValue _
    Line 40:                 Or Not DirectCast(ViewState(AntiXsrfUserNameKey), String) = If(Context.User.Identity.Name, String.Empty)) Then
    Line 41:                 Throw New InvalidOperationException("Validation of Anti-XSRF token failed.")
    Line 42:             End If
    Line 43:         End If
      
    
     Source File:  C:\Users\John\Dropbox\PBCert\Site.master.vb    Line:  41 
    
    Stack Trace: 
    
    
    
    [InvalidOperationException: Validation of Anti-XSRF token failed.]
       SiteMaster.master_Page_PreLoad(Object sender, EventArgs e) in C:\Users\John\Dropbox\PBCert\Site.master.vb:41
       System.Web.UI.Page.OnPreLoad(EventArgs e) +121
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +605
    
     
    
    <asp:Content ID="Content3" ContentPlaceHolderID="MainContent" Runat="Server">
        <asp:CreateUserWizard ID="CreateUserWizard1" runat="server" ContinueDestinationPageUrl="~/PayPal.aspx" MembershipProvider="SqlProvider">
          



    Wednesday, December 30, 2015 9:27 PM

Answers

  • User614698185 posted

    Hi John,

    The current username is embedded in __VIEWSTATE when the Page is rendered to the browser. When a postback occurs, the anti-XSRF logic checks that the current username matches what is embedded in the submitted __VIEWSTATE. So it is expected that changing the logged-in user in the middle of a workflow (with postbacks) will result in errors. This error should not occur if the user is simply navigating around the site.

    If you check the server logs, you'll see that the users were indeed performing postbacks to the pages where failures occurred. The XSRF logic is already conditioned on an "if (IsPostBack)" check. You can verify this for yourself by looking at the Site.master codebehind file.

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, December 31, 2015 4:17 AM
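
The check described in the answer, as an added example (not code from the thread or from the project's Site.master): a stand-alone console model of the comparison shown at lines 39-40 of the error page. The names `Render` and `Validate`, the key strings, the account name `newuser`, the idea that the token is a per-browser value, and the assumption that the sign-up flow has signed the new account in by the time "Continue" posts back are all assumptions made for the illustration.

```vb
Imports System
Imports System.Collections.Generic

' Stand-alone console model of the master-page check; this is not ASP.NET code.
Module AntiXsrfModel
    Const AntiXsrfTokenKey As String = "__AntiXsrfToken"       ' assumed key name
    Const AntiXsrfUserNameKey As String = "__AntiXsrfUserName" ' assumed key name

    ' First GET: the token and the current user name are stored in ViewState,
    ' which travels to the browser inside __VIEWSTATE.
    Function Render(browserToken As String, currentUser As String) As Dictionary(Of String, String)
        Return New Dictionary(Of String, String) From {
            {AntiXsrfTokenKey, browserToken},
            {AntiXsrfUserNameKey, If(currentUser, String.Empty)}}
    End Function

    ' Postback: True when both values match, i.e. when line 41 would NOT throw.
    Function Validate(viewState As Dictionary(Of String, String),
                      browserToken As String, currentUser As String) As Boolean
        Dim token As String = Nothing
        Dim name As String = Nothing
        viewState.TryGetValue(AntiXsrfTokenKey, token)
        viewState.TryGetValue(AntiXsrfUserNameKey, name)
        Return String.Equals(token, browserToken, StringComparison.Ordinal) AndAlso
               String.Equals(name, If(currentUser, String.Empty), StringComparison.Ordinal)
    End Function

    Sub Main()
        Dim browserToken As String = Guid.NewGuid().ToString("N") ' constructed sample value
        ' 1. An anonymous visitor opens the sign-up page; the user name stored is "".
        Dim vs = Render(browserToken, Nothing)
        ' 2. "Create User" postback: the request is still anonymous, so the check passes.
        Console.WriteLine("create step:    {0}", Validate(vs, browserToken, Nothing))
        ' 3. "Continue" postback: the same ViewState (user name "") comes back,
        '    but the request now runs as the new account (assumption, see lead-in).
        Console.WriteLine("continue step:  {0}", Validate(vs, browserToken, "newuser"))
        ' 4. A ViewState issued for a different browser token is rejected as well.
        Dim otherVs = Render(Guid.NewGuid().ToString("N"), "newuser")
        Console.WriteLine("token mismatch: {0}", Validate(otherVs, browserToken, "newuser"))
    End Sub
End Module
```

Step 3 is the case the answer describes: the user name stored when the page was rendered no longer matches the identity of the request that posts it back.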