AntiCSRF

New Post: Re: Getting error : No CSRF cookie supplied and CSRF form field is missing.

sadranyi — Mon, 15 Apr 2013 20:26:30 GMT

I think i figured it out. if you are testing with cassini which is the integrated web server in Visual studio you will keep getting this error.
however if you deploy the application on a web server IIS it should work just fine, as the cookies are generated from the IIS sever.

I hope this helps someone :)

New Post: Re: Getting error : No CSRF cookie supplied and CSRF form field is missing.

sadranyi — Fri, 12 Apr 2013 20:04:37 GMT

am running .NET 4.0 and am having the same error any fix or workaround

New Post: Re: Getting error : No CSRF cookie supplied and CSRF form field is missing.

VinayShah — Thu, 01 Nov 2012 08:13:12 GMT

Hi,

I am getting following error after adding anticsrf dll and necessery code in web.config file.

Server Error in '/Code' Application.

No CSRF cookie supplied and CSRF form field is missing.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Idunno.AntiCsrf.PotentialCsrfException: No CSRF cookie supplied and CSRF form field is missing.

Source Error:


Line 283:            {
Line 284:                // Whilst this does lose the stack, that's not really a bad thing here as the exception message is detailed enough.
Line 285:                throw ex;
Line 286:            }
Line 287:        }

Source File: C:\Users\vin\Desktop\anticsrf-69709\Trunk\idunno.AntiCSRF\AntiCsrfModule.cs Line: 285

Stack Trace:


[PotentialCsrfException: No CSRF cookie supplied and CSRF form field is missing.]
   Idunno.AntiCsrf.AntiCsrfModule.RaiseError(Exception ex, HttpContext context) in C:\Users\vin\Desktop\anticsrf-69709\Trunk\idunno.AntiCSRF\AntiCsrfModule.cs:285
   Idunno.AntiCsrf.AntiCsrfModule.PreRequestHandlerExecute(Object source, EventArgs eventArgs) in C:\Users\vin\Desktop\anticsrf-69709\Trunk\idunno.AntiCSRF\AntiCsrfModule.cs:140
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +216
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +120

Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.4955

Pls help.

Thanks,

Vinay

Reviewed: 0.9.1 Beta (Oct 22, 2012)

legeox — Mon, 22 Oct 2012 13:45:02 GMT

Rated 2 Stars (out of 5) - I'm surprised to be able to submit with success a forum where I've deleted the CSRFTOKEN value... Is that an expected behaviour ?

Reviewed: 0.9.1 Beta (Oct 22, 2012)

legeox — Mon, 22 Oct 2012 13:44:52 GMT

Rated 2 Stars (out of 5) - I'm surprised to be able to submit with sucess a forum where I've deleted the CSRFTOKEN value... Is that an expected behaviour ?

Source code checked in, #69709

Project Collection Service Accounts — Mon, 01 Oct 2012 22:10:56 GMT

Upgrade: New Version of LabDefaultTemplate.xaml. To upgrade your build definitions, please visit the following link: http://go.microsoft.com/fwlink/?LinkId=254563

Source code checked in, #69708

Project Collection Service Accounts — Mon, 01 Oct 2012 22:06:45 GMT

Checked in by server upgrade

Commented Issue: Module does not protect against forged post-backs using HTTP verbs other than GET. [14105]

legeox — Fri, 28 Sep 2012 16:19:13 GMT

The AntiCsrfModule.PageLoad method contains logic to verify that post-backs are not being submitted as HTTP GET requests. The logic of this method currently uses an opt-out approach, only raising an exception when a post-back occurs as the result of a GET request. This opt-out approach allows forged post-back requests that use HTTP verbs other than GET (for instance, HEAD).

Although the attack vector surfaced by this issue is admittedly small, the fix for the issue appears to be inconsequential. By changing the logic of the conditional in the method to read as follows, the loophole of non-GET HTTP verbs is closed:

if (page.IsPostBack && !page.Request.HttpMethod.Equals("POST"))
Comments: ** Comment from web user: legeox **

The change shown in the description is prety easy to be done and should fix the issue.

New Post: JSON

f209 — Tue, 24 Jul 2012 03:13:50 GMT

Hi, I'm wondering if this AntiCSRF module protects JSON web methods. I realize CORS would prevent json requests to some degree, but you can make a json request with a content type of application/x-www-form-urlencoded, how would I protect from such a request without utilizing MVC.

New Post: AntiCSRF for .NET 1.1

wayhang — Tue, 15 Nov 2011 03:25:52 GMT

Hi,

The AntiCSRF 0.9.1 Beta is for .NET 2.0?

How about .NET 1.1?

Thanks!

Created Issue: 'CSRF form field is missing' exception thrown when using Server.Transfer to redirect pages [20894]

petekcchen — Thu, 02 Jun 2011 01:38:18 GMT

When I try to redirect a certain page using ‘Server.Transfer’, this causes an exception saying ‘CSRF form field is missing’. Instead, the page can be redirected successfully using ‘Response.Redirect’. Any idea?

Commented Issue: Error: CSRF form tag missing When using JQuery AJAX Post [15125]

petekcchen — Thu, 02 Jun 2011 01:35:38 GMT

How should i use this AntiCSRF for JQuery AJAX post? It is throwing "CSRF form tag is missing". Any suggestion on how to use while work with JQuery AJAX?

Thanks!
Ashok
Comments: ** Comment from web user: petekcchen **

Hi Ashok,
Have you tried to post the data with the CSRF token in the hidden filed to see if it works?

Reviewed: 0.9.1 Beta (apr 20, 2011)

dot_net_junkie — Wed, 20 Apr 2011 09:55:02 GMT

Rated 5 Stars (out of 5) - Excellent library! This sort of stuff is really hard to get right yourself.

Commented Issue: Error running under non English culture [13582]

guybartal — Mon, 11 Apr 2011 13:08:22 GMT

when i try to run inside the developmetn server this page showed instead the the exception page.: What this error means n how to solved it, since i already follow the readme file?

Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Idunno.AntiCsrf.Properties.Resources.resources" was correctly embedded or linked into assembly "Idunno.AntiCSRF" at compile time, or that all the satellite assemblies required are loadable and fully signed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Resources.MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Idunno.AntiCsrf.Properties.Resources.resources" was correctly embedded or linked into assembly "Idunno.AntiCSRF" at compile time, or that all the satellite assemblies required are loadable and fully signed.Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Idunno.AntiCsrf.Properties.Resources.resources" was correctly embedded or linked into assembly "Idunno.AntiCSRF" at compile time, or that all the satellite assemblies required are loadable and fully signed.]
System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +655
System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +681
System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +681
System.Resources.ResourceManager.GetString(String name, CultureInfo culture) +77
Idunno.AntiCsrf.AntiCsrfModule.PreRequestHandlerExecute(Object source, EventArgs eventArgs) +626
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
Comments: ** Comment from web user: guybartal **

hi,

i've encountered the same unhandled exception in hebrew.

Source code checked in, #52373

_TFSSERVICE — Wed, 28 Jul 2010 17:08:20 GMT

Checked in by server upgrade

New Post: Please help me figure out why I'm getting "Could not find any resources appropriate .." err

cgchavero — Sat, 06 Feb 2010 00:14:11 GMT

I have this issue and I try setting culture features in my project, but i can't do it, because mi c# programming skill is very basic.

So I download the source AntiCSRF-35092.zip and recompile Releases\0.9.1 Beta source.

Later I remove the original DLL Idunno.AntiCsrf.dll from my project and copy the new DLL resulted from recompilated source with this lines removed from assemblyinfo.cs:

[assembly: AssemblyCulture("")]
[assembly: NeutralResourcesLanguageAttribute("en")]

The aplication works fine!!! My web.config just redirect to html page in csrf attack detected, so I will try the detectionResult="RaiseException" feature for logging this atacks.

I hope this info result useful for somebody.

See you!

New Post: Please help me figure out why I'm getting "Could not find any resources appropriate .." err

blowdart — Wed, 16 Dec 2009 23:44:59 GMT

You're not the first person to see this, and I can't reproduce it myself.

Could you download the source and in the assemblyinfo.cs file remove the following two lines and let me know if that solves it?

[assembly: AssemblyCulture("")]
[assembly: NeutralResourcesLanguageAttribute("en")]

New Post: Error with POSTing to page different from GET page

redpatch — Wed, 16 Dec 2009 20:22:26 GMT

I get the following error when the aspx page that receives the POST is different from the aspx page that reponds to the GET:

Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Idunno.AntiCsrf.Properties.Resources.resources" was correctly embedded or linked into assembly "Idunno.AntiCSRF" at compile time, or that all the satellite assemblies required are loadable and fully signed.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Resources.MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Idunno.AntiCsrf.Properties.Resources.resources" was correctly embedded or linked into assembly "Idunno.AntiCSRF" at compile time, or that all the satellite assemblies required are loadable and fully signed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture.  Make sure "Idunno.AntiCsrf.Properties.Resources.resources" was correctly embedded or linked into assembly "Idunno.AntiCSRF" at compile time, or that all the satellite assemblies required are loadable and fully signed.]
   System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +7676578
   System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +583
   System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +583
   System.Resources.ResourceManager.GetString(String name, CultureInfo culture) +74
   Idunno.AntiCsrf.Properties.Resources.get_exceptionMessageFormFieldMissing() +27
   Idunno.AntiCsrf.AntiCsrfModule.PreRequestHandlerExecute(Object source, EventArgs eventArgs) +640
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3053

Created Issue: Error: CSRF form tag missing When using JQuery AJAX Post [15125]

ashok_subbu — Tue, 01 Dec 2009 07:14:12 GMT

How should i use this AntiCSRF for JQuery AJAX post? It is throwing "CSRF form tag is missing". Any suggestion on how to use while work with JQuery AJAX?

Thanks!
Ashok

Created Issue: Module does not protect against forged post-backs using HTTP verbs other than GET. [14105]

jmbledsoe — Thu, 10 Sep 2009 14:05:33 GMT