Getting CSRF error after redirection to other site and coming back to original site using post

Srinivasa Rao Potnuru asked on January 31, 2017 07:59

Hi, we have a requirement to redirect to a third-party site to perform authentication. Upon successful authentication, it should redirect back to our site using POST with stored cookie values or an authentication ticket to get user details.

We are getting a CSRF error after redirecting to our site. For the time being we have added the key below in web.config to resolve the CSRF error, but this web.config is common to multiple sites that are hosted in the same build.

<add key="CMSEnableCsrfProtection" value="False" />

We request you to kindly provide a solution without this key setting in web.config.

Recent Answers


Michal Samuhel answered on February 2, 2017 12:00

Hi Srinivasa,

The problem is indeed in the POST request. A POST request raises the CSRF handler on every page that inherits from CMSPage. CSRF validates both the page hidden field and CSRF cookie tokens; however, since your request is coming from an outer source, the tokens will not match.

What version are you using? In version 10 there might be a workaround that I mentioned in this article: http://devnet.kentico.com/articles/payment-gateways-and-csrf-protection

In v9, though, you will need to choose between lower protection and keeping the POST to the page, or you can create another approach: post data to some HTTPHandler and use GET to load the page for the user.

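The HTTP-handler approach from the answer above, as an added example that is not part of the original thread and is not Kentico code: the third party posts to a plain handler instead of a CMSPage, the handler verifies the ticket itself, and the browser then loads the page with GET, so CMSEnableCsrfProtection can stay enabled. The handler name, the `ticket` form field, the HMAC ticket format, the shared secret, the session key and the landing path are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.SessionState;

// Added example, not Kentico code. Hypothetical handler (e.g. ~/AuthReturn.ashx).
public class AuthReturnHandler : IHttpHandler, IRequiresSessionState
{
    // Assumption: secret shared with the provider; load it from protected config.
    private static readonly byte[] Secret = Encoding.UTF8.GetBytes("REPLACE-WITH-SHARED-SECRET");
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // This endpoint is outside the CMSPage CSRF check, so the ticket is the only proof.
        string user = null;
        if (context.Request.HttpMethod != "POST" ||
            !TryVerifyTicket(context.Request.Form["ticket"], out user))
        {
            context.Response.StatusCode = 403;
            return;
        }
        context.Session["AuthenticatedUser"] = user;   // keep the ticket out of the URL
        context.Response.StatusCode = 303;             // See Other: browser follows with GET
        context.Response.RedirectLocation = "/Account/Welcome"; // fixed local path (assumed)
    }

    // Assumed ticket format: "<userName>.<base64 HMAC-SHA256 of userName>".
    internal static bool TryVerifyTicket(string ticket, out string user)
    {
        user = null;
        int dot = ticket == null ? -1 : ticket.LastIndexOf('.');
        if (dot <= 0) return false;
        string name = ticket.Substring(0, dot);
        byte[] given;
        try { given = Convert.FromBase64String(ticket.Substring(dot + 1)); }
        catch (FormatException) { return false; }
        byte[] expected;
        using (var hmac = new HMACSHA256(Secret))
            expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(name));
        int diff = given.Length ^ expected.Length;      // constant-time comparison
        for (int i = 0; i < given.Length && i < expected.Length; i++)
            diff |= given[i] ^ expected[i];
        if (diff != 0) return false;
        user = name;
        return true;
    }
}
```

A production ticket should also carry an expiry and a single-use nonce so a captured POST cannot be replayed, and the redirect target stays a fixed local path rather than a value taken from the request.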