c# - ASP.NET MVC cross application POST request


I have several ASP.NET MVC applications deployed on a single site in IIS. All of the applications are using forms authentication, and all of the applications are configured to use the same machine key.

One of the applications is a 'base site' which provides navigation to the other applications and is where login/logout functionality is being handled. As it stands, a user can log in on the base site and visit the other applications and still be authenticated, so this is working as intended.

I have a logout form in the header of the shared layout views which submits a POST request to the logout action in a controller belonging to the base site. When I submit this form from the base site, the logout works as expected. However, if I try to submit the form from any of the other sites, I receive the error message:

"The anti-forgery cookie token and form field token do not match."

This is what the log off action looks like in the Security controller:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        // Clears the forms authentication ticket, then returns to the site root.
        FormsAuthentication.SignOut();

        return Redirect("~/");
    }

This is what the form looks like in the base site view:

    @using (Html.BeginForm("LogOff", "Security", FormMethod.Post, null))
    {
        @Html.AntiForgeryToken()
        <input type="submit" value="Log off" />
    }

Because of the way the directories are set up, the other sites use a different version of the same form to call the logout action from the base site:

    @using (Html.BeginForm("LogOff", "../Security", FormMethod.Post, null))
    {
        @Html.AntiForgeryToken()
        <input type="submit" value="Log off" />
    }

The base site is at the root of the directory, and the other applications are each contained in their own folder within the root.

None of the views I have tried this on have conflicting forms or anti-forgery tokens, and the machine key among all the apps seems to be configured correctly or else I don't think the authentication would be working at all. I am considering just redirecting to the base site and performing the logout action there, but if there is a more simple solution that I have yet to come across, that would be nice.

The AntiForgeryToken works by creating a hidden field and a cookie with the same token (see this blog post). Since the form is being posted to another URL, I think the cookie is either not being transmitted along with the POST, or the browser still has the cookie from a former request to the base site and therefore transmits the wrong one. Does this behaviour occur after deleting cookies (to ensure no old ones are being used)?
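
The mismatch discussed above, as an added example that is not code from the question or the answer: a simplified C# model of the cookie and hidden-field check, where a form rendered by one application is posted to another. The `AntiForgeryModel` class, the `/reports` path and the path-dependent cookie name are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Simplified model, not ASP.NET's implementation: the hidden field and the
// cookie carry the same random token, as the answer describes.
static class AntiForgeryModel
{
    // One browser cookie jar, shared by every application on the host.
    static readonly Dictionary<string, string> Jar = new Dictionary<string, string>();

    // Assumption: the cookie name depends on the application path.
    static string CookieName(string appPath)
    {
        const string name = "__RequestVerificationToken";
        if (appPath == "/") return name;
        return name + "_" + Convert.ToBase64String(Encoding.UTF8.GetBytes(appPath));
    }

    // Rendering a form: reuse this application's cookie token or create one,
    // and return the value written into the hidden field.
    static string RenderForm(string appPath)
    {
        string cookie = CookieName(appPath);
        if (!Jar.ContainsKey(cookie))
        {
            byte[] raw = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
            Jar[cookie] = Convert.ToBase64String(raw);
        }
        return Jar[cookie];
    }

    // Validating a POST: the receiving application reads only its own cookie.
    static string Validate(string appPath, string fieldToken)
    {
        string cookieToken;
        if (!Jar.TryGetValue(CookieName(appPath), out cookieToken)) return "cookie missing";
        return cookieToken == fieldToken ? "valid" : "cookie and field do not match";
    }

    static void Main()
    {
        string baseField = RenderForm("/");        // page served by the base site
        string subField = RenderForm("/reports");  // constructed sub-application path
        Console.WriteLine(Validate("/", baseField)); // rendered and posted on the base site
        Console.WriteLine(Validate("/", subField));  // rendered by /reports, posted to the base site
    }
}
```

In this model the second POST fails because the base site compares the field issued by the other application against its own cookie, which holds a different token.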

