Swagger, possible problem with anti forgery header #1623

jimchristian created 6 years ago

I started a new application using ASP.Net Zero 1.12 last week. I'm unable to get Swagger to work--all calls to POST methods fail with error 400, which appears to be due to an empty or invalid anti-forgery header token. This happens on both localhost and Azure. Here's my sequence:

Start the application and logon to the host as admin.
Navigate to <server>/swagger, which redirects to <server>/swagger/ui/index. All the services are displayed as usual.
Open Account, /api/Account, enter the following in the body:

{
  "usernameOrEmailAddress": "admin",
  "password": "123qwe"
}

The server sends back a response code of 400 and no body. The other service calls also send back a response code of 400. (I've been testing with GetTenants). I've cleared the cache and tried different browsers on other computers. I used Swagger extensively in a project built on ABP version 0.8.

Although Swagger doesn't work, Postman does work. I can call the /api/Account/Authenticate service using Postman and get back a result token that I can use in other service calls in Postman.

Any ideas?

12 Answer(s)

0

ismcagdas created 6 years ago
Support Team

Hi,

Thank you for informing us, here is the issue for that <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/issues/320">https://github.com/aspnetzero/aspnet-zero/issues/320</a>. We have fixed it, it will be in the next release.

In the mean time you can apply it by yourself for your project.
0

aaronwittman created 6 years ago

I am getting the same problem. Any advice on how to address this issue or if this has been fixed?

The url for githuib btw is also returning 404.
0

ismcagdas created 6 years ago
Support Team

Hi,

This issue is resolved. If you share your github username, we can invite you to private repository, then you can see the issue and it's solution.
0

aaronwittman created 6 years ago

Great! please add - awittman
0

ismcagdas created 6 years ago
Support Team

Hi,

You are invited.
0

commondesk created 6 years ago

Please add commondesk
0

commondesk created 6 years ago

Since that last update was in October, I'm assuming this was fixed? Were using 2.1.0??
0

ismcagdas created 6 years ago
Support Team

Hi,

It seems like there is no github user with username "commondesk". Your github username mbalsam is already invited, can you see the source code AspNet Zero and issue above ?

And, do you still have this problem ?
0

commondesk created 6 years ago

Thanks. Were in to github now. Will try the fix in an hour.
0

commondesk created 6 years ago

The changes listed here.

<a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/commit/a9170c0d9728bea63ffdadca10bb1eb7347191f8">https://github.com/aspnetzero/aspnet-ze ... b7347191f8</a>

Are already in my existing release.

Also, im trying this from REST Console plugin for Chrome. Dont see why that should matter?
0

commondesk created 6 years ago

Adding this

Configuration.Modules.AbpWeb().AntiForgery.IsEnabled = false;

XXXXWebApiModule::Initialize() fixed for development.

Since we will not be using ASP.NET to make calls to the API we need to understand what involved in getting this to work for production.

Q: Do we need to read a cookie and then submit that as an X-Header in the call to the API?
0

ismcagdas created 6 years ago
Support Team

Hi,

Do you get the same error when you make your request from REST Console plugin for Chrome ? Can you try it with PostMan chrome extension ?

Have an answer to this question? Log in and write your answer.