ASP.NET Core Web - The required antiforgery cookie “.AspNetCore.Antiforgery.wRFSYju6cwY” is not present

Question

I created a new ASP.NET Core 2.0 Web Application project in VS 2017 (Community v15.6.6), in the New project wizard I selected the Web Application + Authentication: Individual User Accounts. I ran the Update-Database in the PM, to create db. Then I ran the application in VS in IIS Express, I registered a new user and I logged in. Everything worked fine.

Then I stopped the application and ran it not in IIS Express but I used the second launch profile, configured in the launchSettings.json:

"profiles": {
"TestCoreWebApp": {
  "commandName": "Project",
  "launchBrowser": true,
  "environmentVariables": {
    "ASPNETCORE_ENVIRONMENT": "Development"
  },
  "applicationUrl": "http://localhost:63090/"
}

Application launched and open a web browser with the home page. Now when I try to login, it doesn't work. It ends with the http 400 error.

In output I see the following error:

    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.wRFSYju6cwY" is not present.
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.<ValidateRequestAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter.<OnAuthorizationAsync>d__3.MoveNext()

Please can anyone explain me why it doesn't work the same way as in the IIS Express profile? Is it a bug?

The IIS Express profile is running on HTTPS, but the other profile is running on HTTP. Does this difference play a role in the described behaviour?

Many thanks. Filip

Answer 1

This has tripped me up too many times to count, as I normally start with an empty web project template.

You are likely missing the _ViewImports.cshtml file, or the following line within it (which enables the built-in tag helpers, ie the auto-injected csrf):

@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers

Answer 2

I also create the same project in the same version but i'am not create the database, because when you add new user the entity framework check and create the database

try to create new user and late the EF create the database.

Answer 3

I had a similar problem using an Identity Server 4 / Identity Management project with Asp Net core 2.0 and an Asp Net Core 2.0 API project, both using SSL and running using IIS.

For the development environment, I changed to run without SSL and using Kestrel and the error "required anti-forgery cookie .AspNetCore.Antiforgery.wRFSYju6cwY” was shown.

When I cleaned the Cookies (in all browsers) everything started to work properly, I hope this helps you.

Answer 4

尝试将@Html.AntiForgeryToken()插入到您的登录视图中（在表单内部）。