
Antiforgery token validation failed when invoking negotiate endpoint of signalR #2180


0
neethucp created
  • ABP Framework version: v4.4.3
  • UI type: Blazor Server
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

We have a microservice project set up with a Blazor Server front-end project. We are trying to send a notification on status change using SignalR. We have created a hub inheriting from AbpHub and followed Microsoft's documentation to connect to the hub from the Blazor Server project. We are getting "Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.RfvzpqGUp6I" is not present." when hubConnection.StartAsync() is invoked.

Do we have to add any configuration to make this work?


12 Answer(s)
  • 0
    maliming created
    Support Team

    hi neethucp

    How can I reproduce this problem? Can you share some code and steps?

  • 0
    neethucp created

    Hi, it is a microservice template project with a Blazor Server front end. We just created a hub in the Blazor Server project and implemented the hub connection from a Razor page using the "Microsoft.AspNetCore.SignalR.Client" package. Please find the SignalR hub connection code below. "await hubConnection.StartAsync();" would invoke the SignalR negotiate endpoint POST https://localhost:44314/signalr-hubs/applicationstatuschangenotification/negotiate?negotiateVersion=1

  • 0
    maliming created
    Support Team

    Thanks I will check.

  • 0
    maliming created
    Support Team

    hi

    Can you try to add csrf token to cookies and Headers?

    https://github.com/abpframework/abp/blob/rel-4.4/framework/src/Volo.Abp.AspNetCore.Components.Web/Volo/Abp/AspNetCore/Components/Web/AbpBlazorClientHttpMessageHandler.cs#L75

    https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.signalr.client.hubconnectionbuilderhttpextensions.withurl?view=aspnetcore-5.0#Microsoft_AspNetCore_SignalR_Client_HubConnectionBuilderHttpExtensions_WithUrl_Microsoft_AspNetCore_SignalR_Client_IHubConnectionBuilder_System_Uri_System_Action_Microsoft_AspNetCore_Http_Connections_Client_HttpConnectionOptions__

    https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.connections.client.httpconnectionoptions?view=aspnetcore-5.0#properties

  • 0
    neethucp created

    Hi, I have already tried passing the RequestVerificationToken and the cookies to the SignalR connection. But it is giving the same error: ".AspNetCore.Antiforgery.RfvzpqGUp6I" is not present. This cookie ".AspNetCore.Antiforgery.RfvzpqGUp6I" doesn't exist in the browser cookies. Instead there is a similar cookie with the name ".AspNetCore.Antiforgery.dHbfFikoQ1Y".

  • 0
    maliming created
    Support Team

    hi

    Can you debug the C# code and check the browser network panel to see if the header and cookies are sent?

  • 0
    neethucp created

    Hi,

    Cookies and the request header are getting passed. We are using the Blazor Server hosting model and not WebAssembly. We only have the ".AspNetCore.Antiforgery.dHbfFikoQ1Y" cookie in the browser, which is set from the auth server. Not sure why it is trying to validate the antiforgery token ".AspNetCore.Antiforgery.RfvzpqGUp6I" from Blazor Server.

  • 0
    maliming created
    Support Team

    Can you use the template project to reproduce the problem and share it with me? [email protected]

  • 0
    neethucp created

    Hi, the issue was due to the incorrect SignalR URL. The URL didn't have the hub name in kebab-case. It started working after the URL was changed to "/signalr-hubs/application-status-change-notification". But now we are getting an issue with authorization. The token is getting passed in the Authorization header, but SignalR negotiation gives the following error.

  • 0
    maliming created
    Support Team

    hi

    Can you check these?

    https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-6.0#built-in-jwt-authentication

    https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-6.0#identity-server-jwt-authentication

  • 0
    neethucp created

    Hi, I'm getting the token in the Authorization header. But I'm still getting unauthorized.

  • 0
    maliming created
    Support Team

    Try to add app.UseJwtTokenMiddleware();
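
The client-side setup discussed in this thread, as an added example that is not code from the thread or from ABP: it builds the kebab-case hub URL that resolved the antiforgery error and passes the bearer token through `AccessTokenProvider`. The names `HubConnectionExample`, `ToHubRoute` and `Build`, the hub class name `ApplicationStatusChangeNotificationHub`, and the rule that the route is the class name without its `Hub` suffix are assumptions inferred from the working URL above.

```csharp
using System;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.SignalR.Client;

public static class HubConnectionExample
{
    // Hypothetical helper (not ABP's own code). Assumed convention:
    // "ApplicationStatusChangeNotificationHub"
    //   -> "/signalr-hubs/application-status-change-notification"
    public static string ToHubRoute(string hubClassName)
    {
        var name = hubClassName.EndsWith("Hub", StringComparison.Ordinal)
            ? hubClassName.Substring(0, hubClassName.Length - 3)
            : hubClassName;

        var route = new StringBuilder("/signalr-hubs/");
        for (var i = 0; i < name.Length; i++)
        {
            // Insert a dash before every upper-case letter except the first.
            if (i > 0 && char.IsUpper(name[i]))
            {
                route.Append('-');
            }
            route.Append(char.ToLowerInvariant(name[i]));
        }
        return route.ToString();
    }

    // baseUri: e.g. new Uri("https://localhost:44314") as in the thread.
    // getAccessToken: caller-supplied delegate returning the user's access token.
    public static HubConnection Build(
        Uri baseUri, string hubClassName, Func<Task<string>> getAccessToken)
    {
        var hubUri = new Uri(baseUri, ToHubRoute(hubClassName));

        return new HubConnectionBuilder()
            .WithUrl(hubUri, options =>
            {
                // The client attaches this token to the negotiate request
                // and to the transport connection that follows it.
                options.AccessTokenProvider = getAccessToken;
            })
            .Build();
    }
}
```

Logging the final `hubUri` before calling `StartAsync()` makes a route mismatch like the one in this thread visible immediately.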