Asp.net mvc, localhost, and the anti-forgery token

So I’m building an ASP.NET MVC application and have been doing testing with Cassini (Visual Studio's built-in web server; localhost:8080). All is well.

When I published my app to run it locally in IIS (localhost:80) I got:

"Validation of ViewState MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies <machineKey> the same validationKey and validation algorithm. Self can not be used in a cluster."

After a bunch of googling I realized that it had to do with viewstate, which led me to the concept that it must have to do with the anti-forgery token, since by definition MVC doesn’t use viewstate outside of that.

I then quickly came to the conclusion that the token is dropping and reading a cookie; as it turns out, localhost doesn’t differentiate between ports, and so it was reading my Cassini (8080) token and trying to use it with my IIS application (80).

Long story short, remove your cookie __RequestVerificationToken_Lw__ and all will be well.

Hopefully this will help others get past this issue in less time than it took me (~ an hour).
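
The collision described above can be reproduced in a small model. This is an added example, not code from the original post or from ASP.NET: it assumes the MVC 1/2-era cookie naming (field name plus a cookie-safe base64 of the application path, which yields the `_Lw__` suffix for `/`), and the two server keys are constructed stand-ins for each server's own validation key.

```javascript
// Added example: why a token cookie set by one localhost server is replayed
// to another server on a different port and then fails MAC validation.
const crypto = require("crypto");

const FIELD = "__RequestVerificationToken";

// Assumed MVC 1/2 naming: field name + "_" + cookie-safe base64 of the app path.
function tokenCookieName(appPath) {
  if (!appPath) return FIELD;
  const b64 = Buffer.from(appPath, "utf8").toString("base64");
  return FIELD + "_" + b64.replace(/\+/g, ".").replace(/\//g, "-").replace(/=/g, "_");
}

// Browser cookie storage is keyed by host, path and name; the port is not part of the key.
const jarKey = (url, name) => `${new URL(url).hostname}|/|${name}`;

// Stand-in for a server that MACs its token with a per-server key (constructed keys).
function makeServer(key) {
  const mac = (v) => crypto.createHmac("sha256", key).update(v).digest("hex");
  return {
    issue: () => { const v = crypto.randomBytes(16).toString("hex"); return `${v}.${mac(v)}`; },
    validate: (cookie) => {
      const [v, tag] = String(cookie).split(".");
      const expected = Buffer.from(mac(v), "hex");
      const given = Buffer.from(tag || "", "hex");
      return given.length === expected.length && crypto.timingSafeEqual(given, expected);
    },
  };
}

function simulate() {
  const jar = new Map();
  const cassini = makeServer("constructed-key-for-port-8080");
  const iis = makeServer("constructed-key-for-port-80");
  const name = tokenCookieName("/"); // both apps are rooted at "/"

  // Cassini sets the cookie; the same jar entry is then looked up for port 80.
  jar.set(jarKey("http://localhost:8080/", name), cassini.issue());
  const sentToIis = jar.get(jarKey("http://localhost:80/", name));

  return {
    name,
    cookieReachedIis: sentToIis !== undefined,
    acceptedByCassini: cassini.validate(sentToIis),
    acceptedByIis: iis.validate(sentToIis),
  };
}

console.log(simulate());
```

Under the same naming assumption, an application hosted in a virtual directory such as `/MyApp` gets a different cookie name, so it would not collide with a root-hosted app on another port.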



2 thoughts on “Asp.net mvc, localhost, and the anti-forgery token”

  1. a tough cookie

    Posted by philstrong | September 8, 2010, 1:39 pm


  1. Pingback: ASP.NET MVC Archived Blog Posts, Page 1 - March 24, 2010
