Anti-forgery token and anti-forgery cookie related issues

An anti-forgery token prevents CSRF (Cross-Site Request Forgery) attacks. The server associates this token with the current user’s identity and sends it to the client. In the next request from the client, the server expects to see this token. If the token is missing or different, the server rejects the request (Reference).

I have recently worked on some anti-forgery related errors. These are the error messages I saw in Event Viewer:

The provided anti-forgery token was meant for a different claims-based user than the current user.

The provided anti-forgery token was meant for user “”, but the current user is “X”.

The anti-forgery cookie token and form field token do not match.

The required anti-forgery cookie “__RequestVerificationToken” is not present.

How to upload files by using ASP.NET Core

Many web applications require users to upload files. Whether it’s a photo, a document or any other type of file, your application should be able to read it from the client computer and store it on the server.

I have recently worked on a case where the developer was trying to use the functions below to get the full path of the file:

string filePath = Path.Combine(Request.Form["file"].ToString());
string filePath = System.IO.Path.GetFullPath(Request.Form["file"].ToString());

These functions won’t return the full path if the “Include local directory path when uploading files to a server” setting is disabled in Internet Explorer.

OutOfMemoryException caused by StringBuilder

If your web application is crashing with an OutOfMemoryException, check Event Viewer for more details. In the stack trace, you should see which function is throwing this exception. In my case, a variable of type StringBuilder was the root cause.

AD connection and query by using PrincipalContext

There are different ways of getting data from Active Directory. One of them is to use the PrincipalContext class, which is a member of the System.DirectoryServices namespace (Reference).

Here is a code sample to connect to Active Directory and query a user by using PrincipalContext.

(Solved) System.UnauthorizedAccessException occurred in mscorlib.dll

A web application (or a SharePoint web part in my case) may throw the System.UnauthorizedAccessException error below if the file you are trying to access is not available. The file may not exist or you may not have permission to access it.

An exception of type “System.UnauthorizedAccessException” occurred in mscorlib.dll but was not handled in user code. Additional information: Access to the path ‘\networkshare\filename.ext’ is denied.