Activities of "Anjaneyulu"

Then you can create a middleware as below and get the generated cookie and pass it to the RequestVerificationToken header.

P.S. If your GET requests don't change the state (and they shouldn't in most cases), you don't need to add anti-forgery token validation, in my opinion.

using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Volo.Abp.AspNetCore.Mvc.AntiForgery;

public class SetRequestVerificationHeaderMiddleware
{
    private readonly RequestDelegate _next;
    private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;

    // The constructor name must match the class name
    public SetRequestVerificationHeaderMiddleware(RequestDelegate next, IAbpAntiForgeryManager abpAntiForgeryManager)
    {
        _next = next;
        _abpAntiForgeryManager = abpAntiForgeryManager;
    }

    public async Task Invoke(HttpContext context)
    {
        // For GET requests, generate a token and set it as the RequestVerificationToken request header
        if (HttpMethods.IsGet(context.Request.Method))
        {
            var antiForgeryToken = await _abpAntiForgeryManager.GenerateToken();
            context.Request.Headers["RequestVerificationToken"] = antiForgeryToken;
        }

        await _next(context);
    }
}

//use middleware
app.UseMiddleware<SetRequestVerificationHeaderMiddleware>();
 

We have added this configuration, but when we remove the request verification token from requests, the response is still perfect. Are we missing something? Please guide.

Hi @Anjaneyulu, I think you don't need to create a manual Anti Forgery Token Middleware. Instead, you can define AbpAntiForgeryOptions to enable auto validation for GET requests.

Configure<AbpAntiForgeryOptions>(options =>
{
    //By default only POST requests auto validate anti forgery tokens.
    //In other words, "GET", "HEAD", "TRACE" and "OPTIONS" HTTP methods are ignored.

    options.AutoValidateIgnoredHttpMethods.Remove("GET"); //auto validate for GET requests
});

See the CSRF Anti Forgery documentation for more information.

Hi @EngincanV, I have configured as you said:

Configure<AbpAntiForgeryOptions>(options =>
{
    //By default only POST requests auto validate anti forgery tokens.
    //In other words, "GET", "HEAD", "TRACE" and "OPTIONS" HTTP methods are ignored.

    options.AutoValidateIgnoredHttpMethods.Remove("GET"); //auto validate for GET requests
});

I'm not receiving any data in GET requests. Do I need to add anything else?

hi

We could set the Application Cookie's path as per your reply, we are missing antiforgery token and not able to authenticate. Can you please help us.

hi

Is Emailing\Templates\Templates\*.tpl path correct?

Maybe Emailing\Templates\*.tpl

I have updated the path. Also, I tried setting build actions to copy always for embedded resources. But I'm getting the same issue.

<Project Sdk="Microsoft.NET.Sdk">

  <Import Project="..\..\common.props" />

  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
    <RootNamespace>Test</RootNamespace>
  </PropertyGroup>

  <ItemGroup>
    <ProjectReference Include="..\Test.Domain.Shared\Test.Domain.Shared.csproj" />
  </ItemGroup>

  <ItemGroup>
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Shared.Application.Contracts\Volo.Abp.Account.Pro.Shared.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.PermissionManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.FeatureManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.SettingManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Saas.Host.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.AuditLogging.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.Identity.Pro\src\Volo.Abp.Identity.Pro.Application.Contracts\Volo.Abp.Identity.Pro.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.IdentityServer.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Application.Contracts\Volo.Abp.Account.Pro.Public.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Admin.Application.Contracts\Volo.Abp.Account.Pro.Admin.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.LanguageManagement.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.TextTemplateManagement\src\Volo.Abp.TextTemplateManagement.Application.Contracts\Volo.Abp.TextTemplateManagement.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\modules\Volo.LeptonTheme\src\Volo.Abp.LeptonTheme.Management.Application.Contracts\Volo.Abp.LeptonTheme.Management.Application.Contracts.csproj" />
  </ItemGroup>

  <ItemGroup>
    <EmbeddedResource Include="Emailing\Templates\*.tpl" />
    <None Remove="Emailing\Templates\*.tpl" />
  </ItemGroup>

</Project>

hi

Can you share the csproj(ApplicationContractModule) file?

<Project Sdk="Microsoft.NET.Sdk">

  <Import Project="..\..\common.props" />

  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
    <RootNamespace>Test</RootNamespace>
  </PropertyGroup>



  <ItemGroup>
    <ProjectReference Include="..\Test.Domain.Shared\Test.Domain.Shared.csproj" />
  </ItemGroup>

  <ItemGroup>
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Shared.Application.Contracts\Volo.Abp.Account.Pro.Shared.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.PermissionManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.FeatureManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.SettingManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Saas.Host.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.AuditLogging.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.Identity.Pro\src\Volo.Abp.Identity.Pro.Application.Contracts\Volo.Abp.Identity.Pro.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.IdentityServer.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Application.Contracts\Volo.Abp.Account.Pro.Public.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Admin.Application.Contracts\Volo.Abp.Account.Pro.Admin.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.LanguageManagement.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.TextTemplateManagement\src\Volo.Abp.TextTemplateManagement.Application.Contracts\Volo.Abp.TextTemplateManagement.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\modules\Volo.LeptonTheme\src\Volo.Abp.LeptonTheme.Management.Application.Contracts\Volo.Abp.LeptonTheme.Management.Application.Contracts.csproj" />
  </ItemGroup>

  <ItemGroup>
    <EmbeddedResource Include="Emailing\Templates\Templates\*.tpl" />
    <None Remove="Emailing\Templates\Templates\*.tpl" />
  </ItemGroup>
  
</Project>

hi

You are configuring the ApplicationCookie, not XSRF and Antiforgery.

Can you explain the reason to change the path?

Hi,

Basically, when I hosted the application, the cookie path is coming as the default root path, i.e., path='/'.

But I want to set the path to the application folder in IIS when hosted.

Can you please help to set that properly.

Made with ❤️ on ABP v8.2.0-preview. Updated on March 25, 2024, 15:11