The provided anti-forgery token was meant for user “”, but the current user is “user@example.com”

While working with Asp.net MVC, I got HttpAntiForgeryException exception (The provided anti-forgery token was meant for user “”, but the current user is “user@example.com”) at login page. It happens when user login with valid credentials and re-directed to inner page ofr the application. At inner pages he press the browser back button and will show login page again. He entered the valid credentials again that time, this exception will generate and display on the browser.

To fix this exception: Need to add [OutputCache(NoStore=true, Duration = 0, VaryByParam= “None”)] line to your login get method.

[AllowAnonymous]
[HttpGet]
[OutputCache(NoStore=true, Duration = 0, VaryByParam= "None")]
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}

Leave a Reply

Your email address will not be published.