Still Trying to get this to work with the Dynamic Controllers, For the most part I have it working for all POST request except one. I ended up putting this line of code
config.headers['X-XSRF-Token'] = angular.element('input[name="__RequestVerificationToken"]').attr('value');
in the abp.ng.js file under the..
abpModule.config([
'$httpProvider', function ($httpProvider) {
$httpProvider.interceptors.push(['$q', function ($q) {
return {
'request': function (config) {
if (endsWith(config.url, '.cshtml')) {
config.url = abp.appPath + 'AbpAppView/Load?viewUrl=' + config.url + '&_t=' + abp.pageLoadTime.getTime();
}
//Anti Forgery Token
config.headers['X-XSRF-Token'] = angular.element('input[name="__RequestVerificationToken"]').attr('value');
return config;
},
As you can see here. This works for the most part to send the headers. But there is one service that runs right before this seems to be loaded. The service that fails without the header XSRF token is /api/services/app/session/GetCurrentLoginInformations. This must fire off before either abpModule.config is ran or the layout is loaded. The layout.cshtml is where I have the @Html.AntiForgeryToken() being generated.
Would you have any suggestions? This is hanging me up big time.
I decided not to inherit from AbpWebApiModule since I was unable to get it working with Castle Windsor. What I ended up doing is creating my own AbpWebApiCustomModule that only initialized my custom filter to validate the Anti-Forgery token. I then added this to be used like this in my CompanyWebAPIModule [DependsOn(typeof(AbpApiCustomModule), typeof(AbpWebApiModule)...
this all worked as I hoped it would but now I am having a different problem with having Angular to send the token as a header since ASP.NET creates a cookie called this __RequestVerificationToken and not X-XSRF-Token as Angular is looking for.
Doing something like this...
.run(function($http) { $http.defaults.headers.common['X-XSRF-Token'] = angular.element('input[name="__RequestVerificationToken"]').attr('value'); })
doesn't work either since you are wrapping the $http with a dynamic service. So I am unsure how to handle this for every Angular request.
Any ideas?
Sounds good. For now I am going to try and create my own WebApiModule that inherits from AbpWebApiModule and then override the Initialize() method and create my own IntializeFilters() private method that adds a ValidateAPIAntiForgeryTokenAtribute I create to validate these AntiForgery tokens.
I haven't finished this yet but I am hoping then in the WebAPIModule I will have it depend on the one that inherits from AbpWebApiModule and I am hoping it will use that attribute in the dynamic api controller builder.
It's just a concept right now but I will update it if works or not.
I just learned that AngularJS $http service reads a token from a cookie (it looks for XSRF-TOKEN and ASP.NET uses __RequestVerificationToken) then Angular will set it as an HTTP header (X-XSRF-TOKEN).
The documentation talks a bit about this here about half way down the page in the section labeled "Cross Site Request Forgery (XSRF) Protection" <a class="postlink" href="https://docs.angularjs.org/api/ng/service/$http">https://docs.angularjs.org/api/ng/service/$http</a>
Here is a good example how to do this in ASP.NET MVC or WebAPI. The problem is since you use the Dynamic WebAPI controllers for the Angular App I have no idea how to make this work for those. <a class="postlink" href="http://geekswithblogs.net/Frez/archive/2015/01/11/anti-forgery-tokens-with-angularjs-and-asp.net-web-api.aspx">http://geekswithblogs.net/Frez/archive/ ... b-api.aspx</a>
Any help would be greatly appreciated.
I was wondering if you figured out a way to automatically make Anti-Forgery mechanism as you suggested back in September of last year you were working on?
Oh yes I see that now. Thank you.
Perfect that worked, this may be a stupid question but what is the difference between $uibModal and $modal
I had to do the same thing for $uibModalInstance to make it work.
Yes it does. The project service works just fine. When I remove $modal it works just fine. For example this works just fine. It has something to do with $modal.
(function () {
appModule.controller('tenant.views.projects.index', [
'$scope', 'abp.services.app.project',
function ($scope, projectService) {
var vm = this;
vm.projects = [];
vm.getProjects = function() {
projectService.getProjects({}).success(function (result) {
vm.projects = result.items;
});
}
vm.getProjects();
}
]);
})();
Sounds good Thanks
Excellent, thank you.
I have handled sending AntiForgery tokens with Ajax before but I am pretty new to Angular so I will need to do some more research on how to handle this with Angular.