In Umbraco version 10, I would like to Validate anti forgery token before handling every method. So I tried to use:
[HttpPost]
[ValidateAntoForgeryToken]
public IActionResult HandleMyMethod(MyModel model)
{
}
*I know that [ValidateAntoForgeryToken] is not needed here, because AntiForgeryToken is used by default.
My problem is that if my auth token is expired, then the user gets error 400. I want him to get an error, but in a "beautiful" way. Or instead, I want to redirect him to login page.
My question is, is it possible? to put [ValidateAntoForgeryToken]
Over a method, and write a code somewhere that will redirect the user to the login page if [ValidateAntoForgeryToken] returns error?
Thank you!!! My [ValidateAntiForgeryToken] errors are still not well-handled this way, but I will try again..
I see that it does not even route to "/error"..
Finally I did not use your video, I used something else:
I created a new class: "RedirectAntiforgeryValidationFailedResultFilter".
This class inherits: IAsyncAlwaysRunResultFilter
The class looks like this:
using Umbraco.Cms.Web.Website.ActionResults;
using UMmebers10.ViewComponentClasses;
using Umbraco.Cms.Infrastructure.Examine;
namespace UMmebers10.Classes
{
public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter<br/>
{
public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
{
if (context.Result is AntiforgeryValidationFailedResult)
{
context.Result = new RedirectToPageResult("/ErrorPage");
}
return next();
}
}
This works!!!!
But the problem that I have is about the line:
context.Result = new RedirectToPageResult("/ErrorPage");
Finally it worked using this code (Adding new class):
using Umbraco.Cms.Web.Website.ActionResults;
using UMmebers10.ViewComponentClasses;
using Umbraco.Cms.Infrastructure.Examine;
namespace UMmebers10.Classes
{
public class RedirectAntiforgeryValidationFailedResultFilter : IAsyncAlwaysRunResultFilter
{
public Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
{
if (context.Result is AntiforgeryValidationFailedResult)
{
context.Result = new RedirectToPageResult("/ErrorPage");
}
return next();
}
}
}
How can I find the home page root and redirect there?
The class does not inherit SurfaceController, so Codes like "CurrentPage" and "Umbraco.AssignedContentItem" are not recognized there, and I don't know how they can be recognized,
ValidateAntiForgeryToken
Hello,
In Umbraco version 10, I would like to Validate anti forgery token before handling every method. So I tried to use:
[HttpPost]
[ValidateAntoForgeryToken]
public IActionResult HandleMyMethod(MyModel model)
{
}
*I know that [ValidateAntoForgeryToken] is not needed here, because AntiForgeryToken is used by default.
My problem is that if my auth token is expired, then the user gets error 400. I want him to get an error, but in a "beautiful" way. Or instead, I want to redirect him to login page.
My question is, is it possible? to put
[ValidateAntoForgeryToken]
Over a method, and write a code somewhere that will redirect the user to the login page if [ValidateAntoForgeryToken] returns error?
Thank you so much!!!
ValidateAntiForgeryToken does not have anything to do with authentication.
You will need to write an erro handler
https://www.youtube.com/watch?v=4LaFi0SzBdY
Thank you!!! My [ValidateAntiForgeryToken] errors are still not well-handled this way, but I will try again..
I see that it does not even route to "/error"..
like I said, validateantiforgery does not have anything to do with authentication. The antiforgery prevents csrf attacks.
What is the exact error you are receiving?
Finally I did not use your video, I used something else:
I created a new class: "RedirectAntiforgeryValidationFailedResultFilter".
This class inherits: IAsyncAlwaysRunResultFilter
The class looks like this:
This works!!!!
But the problem that I have is about the line:
context.Result = new RedirectToPageResult("/ErrorPage");
I am redirected to a non existing page:
https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage
I want to be redirected to an existing page like:
context.Result = new RedirectToPageResult(MasterPage.Url);
But I dont know how "MasterPage" should be defined.
Mainly because: "Umbraco.AssignedContentItem" or "CurrentPage" are not defind in a class that does not inherit from "SurfaceController".
Can you please help? Thank you!!!
Finally it worked using this code (Adding new class):
And, in startup.cs code:
The only problem left: I am redirected to a non-existing page:
https://localhost:44358/umbraco/backoffice/api/filestree/HandleDeposit?page=%2FErrorPage
How can I find the home page root and redirect there?
The class does not inherit SurfaceController, so Codes like "CurrentPage" and "Umbraco.AssignedContentItem" are not recognized there, and I don't know how they can be recognized,
is working on a reply...