  • Shelly 9 posts 79 karma points
    Nov 23, 2023 @ 09:37
    Shelly
    0

    ValidateAntiForgeryToken

    Hello,

    In Umbraco version 10, I would like to validate the anti-forgery token before handling every method. So I tried to use:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult HandleMyMethod(MyModel model)
    {

    }

    *I know that [ValidateAntiForgeryToken] is not needed here, because AntiForgeryToken is used by default.

    My problem is that if my auth token is expired, then the user gets error 400. I want him to get an error, but in a "beautiful" way. Or instead, I want to redirect him to the login page.

    My question is: is it possible to put
    [ValidateAntiForgeryToken]
    over a method, and write code somewhere that will redirect the user to the login page if [ValidateAntiForgeryToken] returns an error?

    Thank you so much!!!

  • Huw Reddick 1932 posts 6722 karma points MVP 2x c-trib
    Nov 23, 2023 @ 09:49
    Huw Reddick
    0

    ValidateAntiForgeryToken does not have anything to do with authentication.

    You will need to write an error handler

  • Huw Reddick 1932 posts 6722 karma points MVP 2x c-trib
    Nov 23, 2023 @ 09:51
  • Shelly 9 posts 79 karma points
    Nov 23, 2023 @ 14:55
    Shelly
    0

    Thank you!!! My [ValidateAntiForgeryToken] errors are still not well-handled this way, but I will try again..
    I see that it does not even route to "/error"..

  • Huw Reddick 1932 posts 6722 karma points MVP 2x c-trib
    Nov 23, 2023 @ 15:24
    Huw Reddick
    0

    Like I said, validateantiforgery does not have anything to do with authentication. The antiforgery prevents CSRF attacks.

  • Huw Reddick 1932 posts 6722 karma points MVP 2x c-trib
    Nov 23, 2023 @ 16:04
    Huw Reddick
    0

    What is the exact error you are receiving?

  • Shelly 9 posts 79 karma points
    Nov 25, 2023 @ 16:23
    Shelly
    0

    Finally I did not use your video, I used something else:

    I created a new class: "RedirectAntiforgeryValidationFailedResultFilter".

    This class inherits: IAsyncAlwaysRunResultFilter

    The class looks like this:

    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Umbraco.Cms.Web.Website.ActionResults;
    using UMmebers10.ViewComponentClasses;
    using Umbraco.Cms.Infrastructure.Examine;
    
    namespace UMmebers10.Classes
    {
        public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
        {
            public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
            {
                // Replace the 400 produced by a failed antiforgery check with a redirect.
                if (context.Result is AntiforgeryValidationFailedResult)
                {
                    // RedirectToPageResult expects a Razor Pages page name, not a URL path.
                    context.Result = new RedirectToPageResult("/ErrorPage");
                }
                return next();
            }
        }
    }
    

    This works!!!!

    But the problem that I have is about the line:

    context.Result = new RedirectToPageResult("/ErrorPage");

    I am redirected to a non existing page:

    https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage

    I want to be redirected to an existing page like:

    context.Result = new RedirectToPageResult(MasterPage.Url);

    But I don't know how "MasterPage" should be defined.

    Mainly because: "Umbraco.AssignedContentItem" or "CurrentPage" are not defined in a class that does not inherit from "SurfaceController".

    Can you please help? Thank you!!!

  • Shelly 9 posts 79 karma points
    Nov 25, 2023 @ 16:31
    Shelly
    0

    Finally it worked using this code (Adding new class):

    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Umbraco.Cms.Web.Website.ActionResults;
    using UMmebers10.ViewComponentClasses;
    using Umbraco.Cms.Infrastructure.Examine;
    
    namespace UMmebers10.Classes
    {
        public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
        {
            public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
            {
                if (context.Result is AntiforgeryValidationFailedResult)
                {
                    context.Result = new RedirectToPageResult("/ErrorPage");
                }
    
                return next();
            }
        }
    }
    

    And, in startup.cs code:

    services.AddMvc(options =>
        options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>())
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
        .ConfigureApiBehaviorOptions(options =>
        {
            options.SuppressMapClientErrors = true;
        });
    

    The only problem left: I am redirected to a non-existing page:

    https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage

    How can I find the home page root and redirect there?

    The class does not inherit SurfaceController, so code like "CurrentPage" and "Umbraco.AssignedContentItem" is not recognized there, and I don't know how it can be recognized.

  • Al 9 posts 54 karma points
    24 days ago
    Al
    0

    I appreciate this is now very old but I was looking for a way to do this just now:

    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Umbraco.Cms.Core.Routing;
    using Umbraco.Cms.Core.Web;
    using Umbraco.Cms.Web.Website.ActionResults;
    
    namespace Ext.Extensions
    {
        public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
        {
            private readonly IUmbracoContextAccessor _umbracoContextAccessor;
            private readonly IPublishedUrlProvider _publishedUrlProvider;
            public RedirectAntiforgeryValidationFailedResultFilter(IPublishedUrlProvider publishedUrlProvider, IUmbracoContextAccessor umbracoContextAccessor)
            {
                _umbracoContextAccessor = umbracoContextAccessor;
                _publishedUrlProvider = publishedUrlProvider;
            }
            public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
            {
                if (context.Result is AntiforgeryValidationFailedResult)
                {
                    //TODO get the currentPage from the context instead of hard coded Guid?
                    Guid homeGuid = Guid.Parse("xxxxxxxxx");
                    // redirect to home
                    context.Result = new RedirectToUmbracoPageResult(homeGuid, _publishedUrlProvider, _umbracoContextAccessor);
                }
                return next();
            }
        }
    }
    

    and then in program.cs

     builder.Services.AddControllersWithViews(options => options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>());
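
Added example (not part of the thread and not Umbraco's own code): one way to address the TODO in the last post, resolving the redirect target from the published content cache instead of a hard-coded Guid, while logging the rejected request and leaving the 400 in place for non-browser callers. The class name is hypothetical, and it assumes the first root node is the site's home page.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Core.Infrastructure;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Logging;
using Umbraco.Cms.Core.Models.PublishedContent;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Web;

// Added example; the class name is hypothetical.
public class AntiforgeryFailureRedirectFilter : IAsyncAlwaysRunResultFilter
{
    private readonly IUmbracoContextAccessor _contextAccessor;
    private readonly IPublishedUrlProvider _urlProvider;
    private readonly ILogger<AntiforgeryFailureRedirectFilter> _logger;

    public AntiforgeryFailureRedirectFilter(IUmbracoContextAccessor contextAccessor,
        IPublishedUrlProvider urlProvider, ILogger<AntiforgeryFailureRedirectFilter> logger)
        => (_contextAccessor, _urlProvider, _logger) = (contextAccessor, urlProvider, logger);

    public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
    {
        // The action was already short-circuited; only the response to the rejected request changes.
        if (context.Result is IAntiforgeryValidationFailedResult)
        {
            var request = context.HttpContext.Request;
            _logger.LogWarning("Antiforgery validation failed: {Method} {Path} from {RemoteIp}",
                request.Method, request.Path, context.HttpContext.Connection.RemoteIpAddress);

            // Script and API callers keep the 400; only browser navigations are redirected.
            if (request.Headers["Accept"].ToString().Contains("text/html", StringComparison.OrdinalIgnoreCase))
                context.Result = new LocalRedirectResult(ResolveHomePath());
        }
        return next();
    }

    // First published root node's relative URL, or "/" when no Umbraco context or URL is available.
    private string ResolveHomePath()
    {
        if (_contextAccessor.TryGetUmbracoContext(out var umbracoContext))
        {
            var home = umbracoContext.Content?.GetAtRoot().FirstOrDefault();
            var url = home is null ? null : _urlProvider.GetUrl(home, UrlMode.Relative);
            if (url is not null && url.StartsWith('/')) return url;
        }
        return "/";
    }
}
```

It is registered the same way as the filter in the post above, with `options.Filters.Add<AntiforgeryFailureRedirectFilter>()`.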
    