Enable Cross-site request forgery security

 This article is deprecated


To avoid issues regarding Federated authentication, Cross-site request forgery security is disabled by default. This article explains how to enable this key.

Applies to



Follow the next steps in order to enable Cross-site request forgery security:

1. Open the web.config file (located in C:\Bizagi\Projects\[ProjectName]\WebApplication) using the text editor of your choice.

2. Within the <AppSettings> section, add the following key:

<add key="EnableXSRFSecurity" value="true" />

3. Restart the Scheduler service and the Web Server services and try again. This should change the behavior.