
  • Shelly 9 posts 79 karma points
    Nov 23, 2023 @ 09:37
    Shelly
    0

    ValidateAntiForgeryToken

    Hello,

    In Umbraco version 10, I would like to validate the anti-forgery token before handling every method. So I tried to use:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult HandleMyMethod(MyModel model)
    {
        // Handle the posted model here, then return a result.
        return Ok();
    }

    *I know that [ValidateAntiForgeryToken] is not needed here, because AntiForgeryToken is used by default.

    My problem is that if my auth token is expired, then the user gets error 400. I want him to get an error, but in a "beautiful" way. Or instead, I want to redirect him to the login page.

    My question is: is it possible to put [ValidateAntiForgeryToken] over a method, and write code somewhere that will redirect the user to the login page if [ValidateAntiForgeryToken] returns an error?

    Thank you so much!!!

  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Nov 23, 2023 @ 09:49
    Huw Reddick
    0

    ValidateAntiForgeryToken does not have anything to do with authentication.

    You will need to write an error handler.

  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Nov 23, 2023 @ 09:51
  • Shelly 9 posts 79 karma points
    Nov 23, 2023 @ 14:55
    Shelly
    0

    Thank you!!! My [ValidateAntiForgeryToken] errors are still not well-handled this way, but I will try again..
    I see that it does not even route to "/error"..

  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Nov 23, 2023 @ 15:24
    Huw Reddick
    0

    Like I said, ValidateAntiForgeryToken does not have anything to do with authentication. The antiforgery prevents CSRF attacks.

  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Nov 23, 2023 @ 16:04
    Huw Reddick
    0

    What is the exact error you are receiving?

  • Shelly 9 posts 79 karma points
    Nov 25, 2023 @ 16:23
    Shelly
    0

    Finally I did not use your video, I used something else:

    I created a new class: "RedirectAntiforgeryValidationFailedResultFilter".

    This class inherits: IAsyncAlwaysRunResultFilter

    The class looks like this:

    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Umbraco.Cms.Web.Website.ActionResults;
    using UMmebers10.ViewComponentClasses;
    using Umbraco.Cms.Infrastructure.Examine;

    namespace UMmebers10.Classes
    {
        public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
        {
            public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
            {
                // Replace the 400 result set by a failed anti-forgery check with a redirect.
                if (context.Result is AntiforgeryValidationFailedResult)
                {
                    context.Result = new RedirectToPageResult("/ErrorPage");
                }
                return next();
            }
        }
    }

    This works!!!!

    But the problem that I have is about the line:

    context.Result = new RedirectToPageResult("/ErrorPage");

    I am redirected to a non existing page:

    https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage

    I want to be redirected to an existing page like:

    context.Result = new RedirectToPageResult(MasterPage.Url);

    But I don't know how "MasterPage" should be defined.

    Mainly because: "Umbraco.AssignedContentItem" or "CurrentPage" are not defined in a class that does not inherit from "SurfaceController".

    Can you please help? Thank you!!!

  • Shelly 9 posts 79 karma points
    Nov 25, 2023 @ 16:31
    Shelly
    0

    Finally it worked using this code (Adding new class):

    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Umbraco.Cms.Web.Website.ActionResults;
    using UMmebers10.ViewComponentClasses;
    using Umbraco.Cms.Infrastructure.Examine;
    
    namespace UMmebers10.Classes
    {
        public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
        {
            public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
            {
                if (context.Result is AntiforgeryValidationFailedResult)
                {
                    context.Result = new RedirectToPageResult("/ErrorPage");
                }
    
                return next();
            }
        }
    }
    

    And, in startup.cs code:

    services.AddMvc(options =>
        options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>())
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
        .ConfigureApiBehaviorOptions(options =>
        {
            options.SuppressMapClientErrors = true;
        });
    

    The only problem left: I am redirected to a non-existing page:

    https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage

    How can I find the home page root and redirect there?

    The class does not inherit SurfaceController, so code like "CurrentPage" and "Umbraco.AssignedContentItem" is not recognized there, and I don't know how it can be recognized.
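
Added example, not part of the thread and not Umbraco's own code: the filter from the last post with the redirect built from a URL instead of a Razor Page name. `RedirectToPageResult` treats "/ErrorPage" as a page route value, which is how it ends up as `?page=%2FErrorPage` on the current API URL, whereas `LocalRedirectResult` takes a literal local path. The class name, namespace and the "/" target are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

namespace Example.Filters // hypothetical namespace
{
    // Turns a failed anti-forgery check into a redirect to a fixed local URL
    // instead of a bare 400 response.
    public class AntiforgeryFailureRedirectFilter : IAsyncAlwaysRunResultFilter
    {
        // Assumption: the site's landing page is served at the application root.
        // A hard-coded, local-only target keeps the redirect out of user control.
        private const string FallbackPath = "/";

        public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
        {
            // MVC's anti-forgery filter short-circuits the action with this result
            // when the token is missing, stale or does not match the cookie.
            if (context.Result is AntiforgeryValidationFailedResult)
            {
                // LocalRedirectResult sends a 302 to the given path and throws
                // if the value is not a local URL.
                context.Result = new LocalRedirectResult(FallbackPath);
            }

            // Always continue the pipeline so the (possibly replaced) result executes.
            return next();
        }
    }
}

// Registration is the same call the thread already uses in startup:
// services.AddMvc(options => options.Filters.Add<AntiforgeryFailureRedirectFilter>());
```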
