Swagger, possible problem with anti forgery header #1623


0
jimchristian created

I started a new application using ASP.Net Zero 1.12 last week. I'm unable to get Swagger to work--all calls to POST methods fail with error 400, which appears to be due to an empty or invalid anti-forgery header token. This happens on both localhost and Azure. Here's my sequence:

  1. Start the application and log on to the host as admin.
  2. Navigate to
  3. Open Account, /api/Account, enter the following in the body:
{
  "usernameOrEmailAddress": "admin",
  "password": "123qwe"
}

The server sends back a response code of 400 and no body. The other service calls also send back a response code of 400. (I've been testing with GetTenants). I've cleared the cache and tried different browsers on other computers. I used Swagger extensively in a project built on ABP version 0.8.

Although Swagger doesn't work, Postman does work. I can call the /api/Account/Authenticate service using Postman and get back a result token that I can use in other service calls in Postman.

Any ideas?


12 Answer(s)
  • 0
    ismcagdas created

    Hi,

    Thank you for informing us, here is the issue for that https://github.com/aspnetzero/aspnet-zero/issues/320. We have fixed it, it will be in the next release.

    In the meantime, you can apply it yourself to your project.

  • 0
    aaronwittman created

    I am getting the same problem. Any advice on how to address this issue or if this has been fixed?

    The URL for GitHub btw is also returning 404.

  • 0
    ismcagdas created

    Hi,

    This issue is resolved. If you share your GitHub username, we can invite you to the private repository, then you can see the issue and its solution.

  • 0
    aaronwittman created

    Great! Please add - awittman

  • 0
    ismcagdas created

    Hi,

    You are invited.

  • 0
    commondesk created

    Please add commondesk

  • 0
    commondesk created

    Since that last update was in October, I'm assuming this was fixed? We're using 2.1.0?

  • 0
    ismcagdas created

    Hi,

    It seems like there is no GitHub user with the username "commondesk". Your GitHub username mbalsam is already invited; can you see the AspNet Zero source code and the issue above?

    And do you still have this problem?

  • 0
    commondesk created

    Thanks. We're in to GitHub now. Will try the fix in an hour.

  • 0
    commondesk created

    The changes listed here.

    https://github.com/aspnetzero/aspnet-ze ... b7347191f8

    Are already in my existing release.

    Also, I'm trying this from REST Console plugin for Chrome. Don't see why that should matter?

  • 0
    commondesk created

    Adding this

    Configuration.Modules.AbpWeb().AntiForgery.IsEnabled = false;

    XXXXWebApiModule::Initialize() fixed for development.

    Since we will not be using ASP.NET to make calls to the API, we need to understand what's involved in getting this to work for production.

    Q: Do we need to read a cookie and then submit that as an X-Header in the call to the API?
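
The cookie-to-header round trip asked about above, sketched as a generic double-submit check. This is an added example, not part of the original thread and not ABP or ASP.NET Zero code. The cookie name `XSRF-TOKEN`, the header name `X-XSRF-TOKEN`, the helper names and the sample cookie value are assumptions; a real framework may validate the header value differently than by simple equality.

```javascript
// Added illustration of a generic double-submit check; not ABP / ASP.NET Zero code.
// Assumed names (not given in the thread): cookie XSRF-TOKEN, header X-XSRF-TOKEN.
const COOKIE_NAME = 'XSRF-TOKEN';
const HEADER_NAME = 'x-xsrf-token';

// Parse a Cookie or Set-Cookie header value into a name -> value map.
// Attributes such as Path end up as extra keys and are simply ignored.
function parseCookies(headerValue) {
  const jar = {};
  for (const part of (headerValue || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Compare without returning early on the first mismatching character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Client side: take the Set-Cookie value from an earlier response and build the
// headers for a state-changing call (cookie sent back, same value echoed in a header).
function withAntiForgery(setCookieValue, headers = {}) {
  const token = parseCookies(setCookieValue)[COOKIE_NAME];
  if (!token) throw new Error('no anti-forgery cookie in response');
  return { ...headers, cookie: `${COOKIE_NAME}=${token}`, [HEADER_NAME]: token };
}

// Server side: status code for a POST. A missing or mismatching header is
// rejected with 400; only a request carrying both matching values passes.
function checkPost(headers) {
  const cookieToken = parseCookies(headers.cookie)[COOKIE_NAME];
  const headerToken = headers[HEADER_NAME];
  if (!cookieToken || !headerToken) return 400;
  return constantTimeEqual(cookieToken, headerToken) ? 200 : 400;
}

// Constructed sample response header, not captured from a real server.
const SAMPLE_SET_COOKIE = 'XSRF-TOKEN=c29tZS1yYW5kb20tdmFsdWU; Path=/';
```
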

  • 0
    ismcagdas created

    Hi,

    Do you get the same error when you make your request from REST Console plugin for Chrome? Can you try it with the Postman Chrome extension?