Blog on software engineering
Using ValidateAntiForgeryToken with AngularJS and MVC

Using ValidateAntiForgeryToken with AngularJS and MVC

I was getting a HTTP 500 error, when posting data from AngularJS to a MVC controller, which had the attribute ValidateAntiForgeryToken applied to it. This attribute expects a form to be posted to the MVC controller action method, but I wanted to sent JSON. If you want to do that then you can follow the blogpost from julian jelfs.


Now I just add: @Html.AntiForgeryToken()

Then I apply the custom attribute ValidateJsonAntiForgeryToken to the MVC controller action method, like

[Authorize] [ValidateJsonAntiForgeryToken]
public ActionResult GetDashboardData(DashboardViewModel model) {

Now I can Post data in AngularJS like:

// When using the @Html.AntiForgeryToken() and [ValidateJsonAntiForgeryToken], a http POST, 
// should contain a AntiForgeryToken in the header. // The @Html.AntiForgeryToken() will write add a hidden HTML input element with the name
//"__RequestVerificationToken". // This input element will contain to AntiForgeryToken. // The MVC AuthorizeAttribute [ValidateJsonAntiForgeryToken],
//will check the http request header for the "AntiForgeryToken".
function getHttpConfig() { var token = angular.element("input[name='__RequestVerificationToken']").val(); var config = { headers: { '__RequestVerificationToken': token } }; return config; }

var config = getHttpConfig();
var url = “http://localhost”;
var postData = {}; return $, postData, config).then(function (response) {
// Do something terrible



Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.