Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Shelly 9 posts 79 karma points
    Nov 23, 2023 @ 09:37
    Shelly
    0

    ValidateAntiForgeryToken

    Hello,

    In Umbraco version 10, I would like to Validate anti forgery token before handling every method. So I tried to use:

    [HttpPost]
    [ValidateAntoForgeryToken]
    public IActionResult HandleMyMethod(MyModel model)
    {

    }

    *I know that [ValidateAntoForgeryToken] is not needed here, because AntiForgeryToken is used by default.

    My problem is that if my auth token is expired, then the user gets error 400. I want him to get an error, but in a "beautiful" way. Or instead, I want to redirect him to login page.

    My question is, is it possible? to put
    [ValidateAntoForgeryToken]
    Over a method, and write a code somewhere that will redirect the user to the login page if [ValidateAntoForgeryToken] returns error?

    Thank you so much!!!

    Copy Link
  • Huw Reddick 1929 posts 6697 karma points MVP 2x c-trib
    Nov 23, 2023 @ 09:49
    Huw Reddick
    0

    ValidateAntiForgeryToken does not have anything to do with authentication.

    You will need to write an erro handler

    Copy Link
  • Huw Reddick 1929 posts 6697 karma points MVP 2x c-trib
    Nov 23, 2023 @ 09:51
    Huw Reddick
    0

    https://www.youtube.com/watch?v=4LaFi0SzBdY

    Copy Link
  • Shelly 9 posts 79 karma points
    Nov 23, 2023 @ 14:55
    Shelly
    0

    Thank you!!! My [ValidateAntiForgeryToken] errors are still not well-handled this way, but I will try again..
    I see that it does not even route to "/error"..

    Copy Link
  • Huw Reddick 1929 posts 6697 karma points MVP 2x c-trib
    Nov 23, 2023 @ 15:24
    Huw Reddick
    0

    like I said, validateantiforgery does not have anything to do with authentication. The antiforgery prevents csrf attacks.

    Copy Link
  • Huw Reddick 1929 posts 6697 karma points MVP 2x c-trib
    Nov 23, 2023 @ 16:04
    Huw Reddick
    0

    What is the exact error you are receiving?

    Copy Link
  • Shelly 9 posts 79 karma points
    Nov 25, 2023 @ 16:23
    Shelly
    0

    Finally I did not use your video, I used something else:

    I created a new class: "RedirectAntiforgeryValidationFailedResultFilter".

    This class inherits: IAsyncAlwaysRunResultFilter

    The class looks like this:

    using Umbraco.Cms.Web.Website.ActionResults;  
using UMmebers10.ViewComponentClasses;
using Umbraco.Cms.Infrastructure.Examine;

namespace UMmebers10.Classes
{
    public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter<br/>
    {
        public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
        {
            if (context.Result is AntiforgeryValidationFailedResult)
            {
                context.Result = new RedirectToPageResult("/ErrorPage");
            }
            return next();
        }
    }

    This works!!!!

    But the problem that I have is about the line:

    context.Result = new RedirectToPageResult("/ErrorPage");

    I am redirected to a non existing page:

    https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage

    I want to be redirected to an existing page like:

    context.Result = new RedirectToPageResult(MasterPage.Url);

    But I dont know how "MasterPage" should be defined.

    Mainly because: "Umbraco.AssignedContentItem" or "CurrentPage" are not defind in a class that does not inherit from "SurfaceController".

    Can you please help? Thank you!!!

    Copy Link
  • Shelly 9 posts 79 karma points
    Nov 25, 2023 @ 16:31
    Shelly
    0

    Finally it worked using this code (Adding new class): 

    using Umbraco.Cms.Web.Website.ActionResults;
using UMmebers10.ViewComponentClasses;
using Umbraco.Cms.Infrastructure.Examine;

namespace UMmebers10.Classes
{
    public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
    {
        public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
        {
            if (context.Result is AntiforgeryValidationFailedResult)
            {
                context.Result = new RedirectToPageResult("/ErrorPage");
            }

            return next();
        }
    }
}

    And, in startup.cs code: 

    services.AddMvc(options =>
    options.Filters.Add<RedirectAntiforgeryValidationFailedResultFilter>())
    .SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
    .ConfigureApiBehaviorOptions(options =>
    {
        options.SuppressMapClientErrors = true;
    });

    The only problem left: I am redirected to a non-existing page:

    https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage

    How can I find the home page root and redirect there?

    The class does not inherit SurfaceController, so Codes like "CurrentPage" and "Umbraco.AssignedContentItem" are not recognized there, and I don't know how they can be recognized,

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft