StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
9535171
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-03-02T14:45:44.900
FavoriteCount
0
LastActivityDate
2016-02-26T10:28:08.987
LastEditDate
2016-02-26T10:28:08.987
LastEditorUserId
1178314
OwnerUserId
1178314
ParentId
8935699
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
I have the MVC 3 anti-CSRF solution implemented, and I never receive 403 code when purposely making the check to fail (by suppressing cookies on client side after the get and before the post). Check done on an action having a ValidateAntiForgeryToken attribute. cutomErrors set with RemoteOnly, then On, then Off. Tested twice, first time on Cassini dev server, second time on IIS6. I have always received a 500 response code. I guess the trouble is located in the customErrors handling you are using. You should also check if you have any httpModule doing some custom logic on error events. (Unlikely if you use MVC HandleError attribute, as this MVC customError handling traps the errors before HttpModule handling, which then never see errors.) Without more details in your question about which customError handling mechanism are you using, it is difficult to give more directions. Mine is neither the MVC standard one (using HandleError as controller attribute, action attribute or global filter), nor the classical asp.net one. It is not ELMAH either. I handle errors in Application_Error event due to "historical" reasons (and for I found it easier to support both ISS 6 and 7 error handling, which I need to do till the migration of our servers is done). Code of my error handling logic in Application_Error event is like : <pre><code>var statusCode = 500; var ex = Server.GetLastError(); if (ex != null) { var httpEx = ex as HttpException; if (httpEx != null) { // HttpAntiForgeryException is HttpException and gets received here, // so its statusCode is what I get here. statusCode = httpEx.GetHttpCode(); } } // Some logging logic then if (!Context.IsCustomErrorEnabled) return; Response.ClearContent(); Response.StatusCode = statusCode; // Rendering custom error page in response then Server.ClearError(); </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHttpAntiForgeryException being treated as 403 and 500 depending whether custom errors is on
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USFrédéric
UserOwnerUserId
1. USFrédéric
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.