11

Here's a constant class I use to invoke some helpers:

public static class SecurityHelpers
{
    public static string AntiforgeryTokenSalt = "tokenFooYouTolkienBladeRunner";         
}

And here's how I invoke it in one of my forms in my MVC3 web application:

@using (Html.BeginForm("Index", "Checkout", FormMethod.Post))
{   
    <input type="hidden" name="amount" value="@Model.PackageCost"/>
    <input type="hidden" name="currency" value="$"/>
    <input type="hidden" name="itemdescription" value="@Model.PackageDescriptor"/>
    <input type="hidden" name="type" value="digital"/>
    @Html.AntiForgeryToken(App.WebUI.Helpers.SecurityHelpers.AntiforgeryTokenSalt)

    <input type="submit" value="Confirmar" class="btn primary frmsubmit" />
}

And in my Controller:

[HttpPost]
[ValidateAntiForgeryToken(Salt = SecurityHelpers.AntiforgeryTokenSalt)]
public ActionResult Index(decimal amount, string currency, string itemDescription, string type)
{
    if (!User.Identity.IsAuthenticated) return RedirectToAction("LogOn", "Account");
}

The error is fired in my Controller, it says:

An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type

Any ideas why this isn't working? The Salt attribute of the ValidateAntiForgeryToken decorator is a string and my constant is also a string, so I'm confused.

Improve this question

1 Answer 1

Reset to default
37

A static string is not a constant.

Try changing 

public static string AntiforgeryTokenSalt = "tokenFooYouTolkienBladeRunner";

to

public const string AntiforgeryTokenSalt = "tokenFooYouTolkienBladeRunner";
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.