Anti-forgery token and anti-forgery cookie related issues

Anti-forgery token prevents CSRF (Cross-Site Request Forgery) attacks. The server associates this token with current user’s identity and sends it to the client. In the next request from client, the server expects to see this token. If the token is missing or it is different, then the server rejects the request (Reference).

I have recently worked on some anti-forgery related errors. These are the error messages I saw in Event Viewer:

The provided anti-forgery token was meant for a different claims-based user than the current user.

The provided anti-forgery token was meant for user “”, but the current user is “X”.

The anti-forgery cookie token and form field token do not match.

The required anti-forgery cookie “__RequestVerificationToken” is not present.

How to upload files by using ASP.NET Core

Many web applications require users to upload files. Whether it’s a photo, document or any other type of file, your application should be able to read it from the client computer and store it in the server.

I have recently worked on a case where the developer were trying to use the functions below to get the full path of the file:

string filePath = Path.Combine(Request.Form["file"].ToString());
string filePath = System.IO.Path.GetFullPath(Request.Form["file"].ToString());

These functions won’t return the full path if “Include local directory path when uploading files to a server” setting is disabled in Internet Explorer.

OutOfMemoryException caused by StringBuilder

If your web application is crashing with OutOfMemoryException, check Event Viewer for more details. In the stack trace, you should see which function is throwing this exception. In my case, a variable in StringBuilder type was the root cause.

AD connection and query by using PrincipalContext

There are different ways of getting data from Active Directory. One of them is that using PrincipalContext class which is a member of System.DirectoryServices namespace (Reference).

Here is a code sample to connect to Active Directory and query a user by using PrincipalContext.

(Solved) System.UnauthorizedAccessException occurred in mscorlib.dll

A web application (or SharePoint web part in my case) may throw System.UnauthorizedAccessException error below if the file you are trying to access is not available. The file may not exist or you may not have permissions to access it.

An exception of type “System.UnauthorizedAccessException” occurred in mscorlib.dll but was not handled in user code. Additional information: Access to the path ‘\networkshare\filename.ext’ is denied.”

Change in the default short date format for English (Canada)

Windows has language packages that store country specific settings such as short date format. I have recently came across an issue that was caused by an update in Canada’s language package.

Starting with Windows Server 2012 and Windows 8, the default date format for English (Canada) – short name is en-CA – was changed from dd/MM/yyyy to yyyy-MM-dd.

Microsoft is not planning to revert this change as yyyy-MM-dd is the recommended date format by The Government of Canada. However, there is no binding legislation so other formats are also used.

The Government of Canada recommends that all-numeric dates in both English and French use the YYYYMMDD format codified in ISO 8601.[10] The Standards Council of Canada also specifies this as the country’s date format.[11][12]

The YYYYMMDD format is the only method of writing a numeric date in Canada that allows unambiguous interpretation, and the only officially recommended format.[2] The presence of the DD/MM/YY (international) and MM/DD/YY (American) formats often results in misinterpretation. Using these systems, the date 7 January 2016 could be written as either 07/01/16 or 01/07/16, which readers can also interpret as 1 July 2016 (or 1916); conversely, 2016-01-07 cannot be interpreted as another date.

In spite of its official status and broad usage, there is no binding legislation requiring the use of the YYYYMMDD format, and other date formats continue to appear in many contexts.

Date and time notation in Canada

There is a proposed legislation to settle the date format debate. More information about the date/time implementation in Canada can be found in this page.