
Swagger, possible problem with anti forgery header #1623


jimchristian created

I started a new application using ASP.Net Zero 1.12 last week. I'm unable to get Swagger to work--all calls to POST methods fail with error 400, which appears to be due to an empty or invalid anti-forgery header token. This happens on both localhost and Azure. Here's my sequence:

  1. Start the application and log on to the host as admin.
  2. Navigate to <server>/swagger, which redirects to <server>/swagger/ui/index. All the services are displayed as usual.
  3. Open Account, /api/Account, enter the following in the body:
{
  "usernameOrEmailAddress": "admin",
  "password": "123qwe"
}

The server sends back a response code of 400 and no body. The other service calls also send back a response code of 400. (I've been testing with GetTenants). I've cleared the cache and tried different browsers on other computers. I used Swagger extensively in a project built on ABP version 0.8.

Although Swagger doesn't work, Postman does work. I can call the /api/Account/Authenticate service using Postman and get back a result token that I can use in other service calls in Postman.

Any ideas?


12 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    Thank you for informing us. Here is the issue for that: https://github.com/aspnetzero/aspnet-zero/issues/320. We have fixed it; it will be in the next release.

    In the meantime you can apply it by yourself for your project.

  • aaronwittman created

    I am getting the same problem. Any advice on how to address this issue or if this has been fixed?

    The URL for GitHub btw is also returning 404.

  • ismcagdas created
    Support Team

    Hi,

    This issue is resolved. If you share your GitHub username, we can invite you to the private repository, then you can see the issue and its solution.

  • aaronwittman created

    Great! Please add - awittman

  • ismcagdas created
    Support Team

    Hi,

    You are invited.

  • commondesk created

    Please add commondesk

  • commondesk created

    Since that last update was in October, I'm assuming this was fixed? We're using 2.1.0??

  • ismcagdas created
    Support Team

    Hi,

    It seems like there is no GitHub user with username "commondesk". Your GitHub username mbalsam is already invited. Can you see the source code of AspNet Zero and the issue above?

    And, do you still have this problem?

  • commondesk created

    Thanks. We're in to GitHub now. Will try the fix in an hour.

  • commondesk created

    The changes listed here.

    https://github.com/aspnetzero/aspnet-zero/commit/a9170c0d9728bea63ffdadca10bb1eb7347191f8

    Are already in my existing release.

    Also, I'm trying this from REST Console plugin for Chrome. Don't see why that should matter?

  • commondesk created

    Adding this

    Configuration.Modules.AbpWeb().AntiForgery.IsEnabled = false;

    XXXXWebApiModule::Initialize() fixed for development.

    Since we will not be using ASP.NET to make calls to the API, we need to understand what's involved in getting this to work for production.

    Q: Do we need to read a cookie and then submit that as an X-Header in the call to the API?
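
The cookie-to-header flow asked about in the post above, as an added example that is not part of the original thread or of ASP.NET Zero's code. It assumes the cookie is named XSRF-TOKEN and the header X-XSRF-TOKEN (ABP's default names as far as I know; confirm them in your configuration), and `antiForgeryStatus` is a simplified model of a double-submit check, not ABP's validator.

```javascript
// Assumed names (not stated in this thread): confirm against your configuration.
const TOKEN_COOKIE = "XSRF-TOKEN";
const TOKEN_HEADER = "X-XSRF-TOKEN";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse a Cookie header or document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue; // skip fragments without a value
    jar.set(part.slice(0, eq).trim(), decodeURIComponent(part.slice(eq + 1).trim()));
  }
  return jar;
}

// Client side: copy the token cookie into the header for state-changing calls only.
function withAntiForgeryHeader(method, headers, cookieString) {
  const out = { ...headers };
  if (SAFE_METHODS.has(method.toUpperCase())) return out;
  const token = parseCookies(cookieString).get(TOKEN_COOKIE);
  if (token) out[TOKEN_HEADER] = token;
  return out;
}

// Compare two tokens without returning early at the first differing character.
function sameToken(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side (simplified model): the HTTP status the anti-forgery check yields.
function antiForgeryStatus(method, headers, cookieString) {
  if (SAFE_METHODS.has(method.toUpperCase())) return 200;
  const cookie = parseCookies(cookieString).get(TOKEN_COOKIE);
  const header = headers[TOKEN_HEADER];
  if (!cookie || !header) return 400; // missing token: the symptom in this thread
  return sameToken(cookie, header) ? 200 : 400;
}

// Constructed sample cookie string; the values are made up.
const SAMPLE_COOKIES = "ASP.NET_SessionId=abc123; XSRF-TOKEN=3f2b9c1e-constructed";
```

In this model a POST sent without the header gets 400 and the same POST passed through `withAntiForgeryHeader` gets 200, with the anti-forgery check left enabled.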

  • ismcagdas created
    Support Team

    Hi,

    Do you get the same error when you make your request from REST Console plugin for Chrome? Can you try it with PostMan chrome extension?