所需的防伪令牌未提供或无效 - 仅限Safari [英] A required anti-forgery token was not supplied or was invalid -- Safari only

问题描述

我有一个asp.net mvc 2项目与典型的xss保护

I have an asp.net mvc 2 project with the typical xss protection

<％= Html.AntiForgeryToken

<%=Html.AntiForgeryToken() %> inside each form and [ValidateAntiForgeryToken] on each Post action.

但我在Safari（v 5.1.7）中收到以下错误。

But I get the following error in Safari (v 5.1.7).

System.Web.Mvc.HttpAntiForgeryException：所需的防伪造币
凭证未提供或无效。

System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid.

我看到异常的原因是创建的 RequestValidationToken cookie的过期日期不正确 Mon，01 2001年1月，而在其他浏览器中正确设置为 Session 。

I see the reason for the exception is the RequestValidationToken cookie that is created has an incorrect expiration date of Mon, 01 Jan 2001, while in the other browsers is is correctly set to Session.

如何让Safari停止为我的反伪造Cookie指定伪造的到期日期？

推荐答案

我解决了这个问题，从IIS中的认证提供程序列表中删除negotiate。

I resolved this problem by removing 'negotiate' from the list of authentication providers in IIS.

与safari的此问题类似：

Similar to this issue with safari:

Windows 7中的Safari 5.x的Windows身份验证问题

这篇关于所需的防伪令牌未提供或无效 - 仅限Safari的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！