diff --git a/Packages.props b/Packages.props
index 1bb67c36..cf6cf343 100644
--- a/Packages.props
+++ b/Packages.props
@@ -1,7 +1,7 @@
 <Project>
 
   <ItemGroup>
-    <PackageReference Update="AngleSharp" Version="0.14.0" />
+    <PackageReference Update="AngleSharp" Version="1.0.0-alpha-844" />
     <PackageReference Update="EntityFramework" Version="6.4.4" />
     <PackageReference Update="MartinCostello.Logging.XUnit" Version="0.1.0" />
     <PackageReference Update="Microsoft.Bcl.HashCode" Version="1.1.0" />
@@ -14,7 +14,7 @@
     <PackageReference Update="MongoDB.Bson" Version="2.11.5" />
     <PackageReference Update="MongoDB.Driver" Version="2.11.5" />
     <PackageReference Update="Moq" Version="4.15.2" />
-    <PackageReference Update="Portable.BouncyCastle" Version="1.8.8" />
+    <PackageReference Update="Portable.BouncyCastle" Version="1.8.9" />
     <PackageReference Update="Quartz.Extensions.DependencyInjection" Version="3.2.3" />
     <PackageReference Update="Quartz.Extensions.Hosting" Version="3.2.3" />
     <PackageReference Update="TunnelVisionLabs.ReferenceAssemblyAnnotator" Version="1.0.0-alpha.160" />
diff --git a/samples/Mvc.Server/Controllers/UserinfoController.cs b/samples/Mvc.Server/Controllers/UserinfoController.cs
index 24808eed..3aaec6f3 100644
--- a/samples/Mvc.Server/Controllers/UserinfoController.cs
+++ b/samples/Mvc.Server/Controllers/UserinfoController.cs
@@ -19,10 +19,9 @@ namespace Mvc.Server.Controllers
         public UserinfoController(UserManager<ApplicationUser> userManager)
             => _userManager = userManager;
 
-        //
-        // GET: /api/userinfo
         [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)]
-        [HttpGet("~/connect/userinfo"), HttpPost("~/connect/userinfo"), Produces("application/json")]
+        [HttpGet("~/connect/userinfo"), HttpPost("~/connect/userinfo")]
+        [IgnoreAntiforgeryToken, Produces("application/json")]
         public async Task<IActionResult> Userinfo()
         {
             var user = await _userManager.GetUserAsync(User);