-rw-r--r--projecttemplates/MvcRelyingParty/Controllers/AccountController.cs6
-rw-r--r--projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx1
2 files changed, 4 insertions, 3 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
index c07b554..312c99f 100644
--- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
+++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
@@ -49,7 +49,7 @@
return View();
}
- [AcceptVerbs(HttpVerbs.Post)]
+ [AcceptVerbs(HttpVerbs.Post), ValidateAntiForgeryToken]
public ActionResult LogOn(string openid_identifier, bool rememberMe, string returnUrl) {
try {
var request = relyingParty.CreateRequest(openid_identifier, this.Realm, this.ReturnTo);
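Review bot: The new `ValidateAntiForgeryToken` on the POST `LogOn` action carries no comment saying what it depends on, and because this is a project template that gets copied, the coupling with the view is worth stating. I would add above the attribute `// Login CSRF guard: every form that posts to LogOn must emit Html.AntiForgeryToken(), or the request is rejected before this method runs.` The rejection happens in the filter, outside the `try`/`catch (ProtocolException)` in the body, so a missing or stale token will presumably surface as an unhandled error page rather than as a model error on the login form. The body of `LogOn` continues outside this hunk.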
@@ -71,7 +71,7 @@
return request.RedirectingResponse.AsActionResult();
} catch (ProtocolException ex) {
- ModelState.AddModelError("OpenID", ex);
+ ModelState.AddModelError("OpenID", ex.Message);
return View();
}
}
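Review bot: Passing `ex.Message` to `ModelState.AddModelError` puts the library's exception text directly into the validation summary the user sees, here and again with `response.Exception.Message` in the `AuthenticationStatus.Failed` case of the next hunk. Those messages are produced while processing a user-supplied identifier and a remote provider's response, so they may carry endpoint or internal detail that does not belong on a login page. I would log the exception and show a fixed string instead, e.g. `ModelState.AddModelError("OpenID", "OpenID login failed. Please check your identifier and try again.");`. In the `Failed` case it is also worth confirming that `response.Exception` can never be null, since `.Message` would otherwise throw. Both enclosing methods start outside their hunks.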
@@ -95,7 +95,7 @@
ModelState.AddModelError("OpenID", "It looks like you canceled login at your OpenID Provider.");
break;
case AuthenticationStatus.Failed:
- ModelState.AddModelError("OpenID", response.Exception);
+ ModelState.AddModelError("OpenID", response.Exception.Message);
break;
}
}
diff --git a/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx b/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx
index ca6dfc8..bb05c21 100644
--- a/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx
+++ b/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx
@@ -10,6 +10,7 @@
<%= Html.ValidationSummary("Login was unsuccessful. Please correct the errors and try again.") %>
<% using (Html.BeginForm("LogOn", "Account")) { %>
+ <%= Html.AntiForgeryToken() %>
<div>
<fieldset>
<legend>Account Information</legend>