The provided anti-forgery token was meant for a different claims-based user than the current user

Question

The provided anti-forgery token was meant for a different claims-based user than the current user

Navigation

0

Very good. I have a problem with the Anti-Forgery with a somewhat particular case:

1.- I enter the password incorrectly. 2.- I correctly introduce username and password. 3.- I go back in the history. 4.- Enter what you enter gives me the error "The provided anti-forgery token was meant for a different claims-based user than the current user."

If we eliminate point 1 and go back, I can log in without problem. That is, there is something in the step for the login error.

    [AllowAnonymous]
    [HttpGet]
    [OutputCache(NoStore = true, Duration = 0, VaryByParam = "None")]
    public ActionResult Login(string returnUrl)
    {
        Log.DEBUG(ConstLog.ENTRA_METODO + this.GetType().Name + "." + MethodBase.GetCurrentMethod().Name);
        Session.RemoveAll();
        // ViewBag.ReturnUrl =  returnUrl;
        Log.DEBUG(ConstLog.SALE_METODO + this.GetType().Name + "." + MethodBase.GetCurrentMethod().Name);
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        try
        {
            Log.DEBUG(ConstLog.ENTRA_METODO + this.GetType().Name + "." + MethodBase.GetCurrentMethod().Name);
            if (!ModelState.IsValid)
            {
                Log.DEBUG(ConstLog.SALE_METODO + this.GetType().Name + "." + MethodBase.GetCurrentMethod().Name);
                return View(model);
            }

            ApplicationUser user = await UserManager.FindAsync(model.UserName, model.Password);
            if (user != null)
            {
                await SignInManager.SignInAsync(user, false,/*model.RememberMe,*/ false);

                UserDTO userDTO = new UserDTO();
                userDTO.IdUser = user.Id;
                userDTO.Nombre = user.Nombre;
                userDTO.Apellidos = user.Apellidos;
                SetAuditoria(userDTO, ConstAudit.ACTION_LOGIN, String.Format(ConstAudit.LOGIN_USER, userDTO.Nombre, userDTO.Apellidos));

                Session["NombreUsuario"] = user.Nombre + " " + user.Apellidos;
                Session["IdUsusario"] = user.Id;

                Log.DEBUG(ConstLog.SALE_METODO + this.GetType().Name + "." + MethodBase.GetCurrentMethod().Name);
                return RedirectToLocal(returnUrl);

            }
            else
            {
                Log.DEBUG(ConstLog.SALE_METODO + this.GetType().Name + "." + MethodBase.GetCurrentMethod().Name);
                ModelState.AddModelError("", "Contraseña incorrecta");
                return View(model);
            }

        }
        catch (Exception ex)
        {
            Log.DEBUG(ConstLog.EXCEPCION + this.GetType().Name + "." + ex.InnerException);                    
            return RedirectToAction("Login", "Account");
        }

    }

entity-framework login

asked by Menes 28.04.2017 в 11:13

source

0 answers

AddClass RemoveClass Notifications for UWP in Xamarin.Forms