Scenario: a page can be viewed without logging in, but when the user performs a specific operation and is found not to be logged in, a login window pops up and the operation is completed after login. After the login succeeded and the front end continued the operation (a POST to the backend interface), the following error was returned:

The security token provided applies to the user "", but the current user is "XX".

(Both the login and the page operation are Ajax POSTs.)

After seeing this error, the first attempt was to regenerate the tokens in the login code:

    // Login code ...
    // requires: using System.Web; using System.Web.Helpers;
    string oldCToken = HttpContext.Request.Cookies["__RequestVerificationToken"].Value;
    string cToken;
    string fToken;
    AntiForgery.GetTokens(oldCToken, out cToken, out fToken); // generate new tokens
    HttpContext.Request.Cookies.Set(new HttpCookie("__RequestVerificationToken", cToken));
    return Content(fToken); // returned to the front end, which sets the hidden token field

However, even though the new cookie token and form token were used, the same user-mismatch error still appeared. So the next step was to study the source.

Reading the source shows that the current user identity is read when the tokens are generated. The identity is not refreshed within the request that performs the login, so the solution is obvious: set the identity before generating the tokens.

    // requires: using System.Security.Principal;
    string[] roles = new string[] { "Role1", "Role2" }; // set according to your situation
    HttpContext.User = new GenericPrincipal(new GenericIdentity("XX"), roles); // user name: set according to your situation

Getting the form token this way also works:

    // requires: using System.Text.RegularExpressions;
    // fToken = AntiForgery.GetHtml().ToString();
    // Regex r = new Regex(@"value=""([^""]+)""");
    // var m = r.Match(fToken);
    // return Content(m.Groups[1].Value);
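The two steps above combined into one login action, as an added example that is not the original author's code. It assumes the site uses Membership and forms authentication; the controller, the action name `AjaxLogin` and its parameters are hypothetical, and the role names are the page's placeholders.

```csharp
using System.Security.Principal;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // Hypothetical Ajax login action (name and parameters are assumptions).
    [HttpPost]
    public ActionResult AjaxLogin(string userName, string password)
    {
        // Assumption: the site uses Membership and forms authentication.
        if (!Membership.ValidateUser(userName, password))
            return new HttpStatusCodeResult(401);
        FormsAuthentication.SetAuthCookie(userName, false);

        // This request arrived anonymous, so the identity is still "".
        // Switch it before generating tokens; the form token embeds the user name.
        string[] roles = { "Role1", "Role2" }; // placeholder roles, as on the page
        HttpContext.User = new GenericPrincipal(new GenericIdentity(userName), roles);

        HttpCookie oldCookie = Request.Cookies[AntiForgeryConfig.CookieName];
        string oldCookieToken = oldCookie != null ? oldCookie.Value : null;

        string newCookieToken, formToken;
        AntiForgery.GetTokens(oldCookieToken, out newCookieToken, out formToken);

        // newCookieToken is null when the existing cookie token is still valid.
        // A replacement goes on the Response so the browser actually stores it.
        if (newCookieToken != null)
        {
            Response.Cookies.Set(new HttpCookie(AntiForgeryConfig.CookieName, newCookieToken)
            {
                HttpOnly = true,
                Secure = AntiForgeryConfig.RequireSsl
            });
        }

        // The front end writes this into the hidden __RequestVerificationToken field.
        return Content(formToken);
    }
}
```

The cookie token is not tied to a user, so an existing valid cookie is kept; only the form token has to be reissued under the new identity.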
ASP.NET MVC 4 AntiForgery: notes on handling the error "The security token provided applies to the user "", but the current user is "XX""