I'm also wondering if the page_init code should be

protected void Page_Init(object sender, EventArgs e)
{
if(!IsPostBack) {
AntiForgeryDiv.InnerHtml = AntiForgery.GetHtml().ToString();
}
}

That way I'm not generating a new anti-forgery token for each postback. 

what do you think?

Hi Monika, 

   Thanks that works. 

Do you have any idea why it works? It seems like this is just a workaround for a bug in the drop-down control. 

Dave