Activities of "lalande1988"
Hi @ismcagdas,
Excellent, this one worked, thank you very much!
Kind regards,
Hi @ismcagdas,
thank you!
Yes, Postman, please see the headers below. I can share the real link (via mail?) to you if you would like to see for yourself?
body:
Hello,
[v12.2.0 with ASP.NET Core and JQuery]
On top of the web page functionality (Web.Mvc) I want to allow a subset of the APIs to be remotely consumed by customers. For testing I am using Cors (code below) and expect that the API can be consumed with Postman to start with. (Actually, I think Cors is not needed with Postman, only with Swagger).
When I use Postman on the dev machine (localhost), everything works as expected: I get the access token and with that I can call an app service, like GetUsers (as in your doc). When I deploy the app and call https://myexamplepage.co.uk/api/TokenAuth/Authenticate I get an internal error (500) reported.
The log file:
ERROR 2023-10-04 16:57:05.970 [74 ] idateAntiforgeryTokenAuthorizationFilter - The required antiforgery header value "X-XSRF-TOKEN" does not exist. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header X-XSRF-TOKEN is not present. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) on Abp.AspNetCore.Mvc.Antiforgery.AbpValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
A logging statement confirms that on the test (production) server I never get inside the Authenticate() method of the TokenAuthController.
I wonder why there is a need for antiforgery / why it is checked and missing?
Any ideas how I can fix this or at least a starting point to get a better understanding?
Thanks and best regards
services.AddCors(options => { options.AddPolicy(_corsPolicy, builder => { builder .WithOrigins("*") .AllowAnyHeader() .AllowAnyMethod(); }); });
_corsPolicy is an arbitrary string
Hi,
Thank you!
CORS has been enabled in the startup.cs file. If this is not the case, the error will be different. I.e. in that case the error will be in the chrome developer console correctly stating that CORS has not been enabled. Without CORS the case of the empty (call without ajax data) would not be working as well.
It looks like there is a kind of pre-validation before the validation of my data.
Maybe you have one more idea?
Thank you and kind regards!
Startup:
services.AddCors(options =>
{
options.AddPolicy(name: _corsPolicy, policy =>
{
policy
.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
;
});
});
.....
app.UseCors(_corsPolicy); // Note: must be after UseRouting and before UseAuthorization
Thank you for you r feedback!
Your suggestion works fine, as expected. Find the code and console response below.
To avoid misunderstandings: the Web API will be utilized by a customer, i.e. from any web page making an ajax call. They could even use a different technology. My test setup is a web page making the call as in the example at the top.
So: making the call from a view on my page works fine, so does Swagger and Postman. Only another page making a cross origin call fails.
js Code:
console.log("starting premium test");
let formData = {
"premiumInput": {
"territory": 1,
"postcode": "B37 7HQ",
"eircode": "",
"address_1": "",
"address_2": "",
"occupancy": 0,
"buildingType": 0,
"yearBuilt": 2000,
"sumInsuredBuilding": 100000,
"sumInsuredContents": 200000,
"sumInsuredBi": 300000,
"deductibleFlood": 111, // only this will be evaluated to know we have reached the service
"deductibleFreeze": 250,
"deductibleStormSurge": 250,
"deductibleSubsidence": 250,
"deductibleTheft": 250,
"deductibleWindstorm": 250,
"percentageRiskShare": 80
}
};
let premiumService = abp.services.app.premium;
premiumService
.getCalcPremiums(formData.premiumInput)
.done(function (result) {
console.log("done premium test", JSON.stringify(result));
})
.fail(function (result) {
console.log("failes premium test", JSON.stringify(result));
});
The only dummy calculation is flood = 3 * deductibleFlood (3 * 111 = 333). The other values are constant.
Thank you and kind regards!
Prerequisites
- What is your product version? ASP.NET Zero 11.0
- What is your product type (Angular or MVC)? MVC
- What is product framework type (.net framework or .net core)? .NET Core
Task
Implement a Web API post utilizing CORS. To start with: all origins allowed and without authentication.
Thank you for your support!
Overview
Two app service function exist. Both HttpPost, one expects input, the other is a call without any parameter. Swagger & Postman work fine with both. A demo client making a cross-origin call works with the parameter-less function. The function expecting a parameter creates a validation error. The validation error is not due to violating a rule of the input class. I tested existing APIs, like roles/getroles after having disabled authentication. The same class of error, validation before it comes to input validation.
Details
Excerpt from Logs.txt, this might be most helpful? Unfortunately, not for me... See at the end of the message, maybe easier to copy / paste ro review.
Client code and response
Ajax call in the client:
$.ajax({
contentType: 'application/json',
data: formData.premiumInput,
type: 'post',
url: serviceUrl.href,
})
.done(function (data, textStatus, jqXHR) {
....
})
.fail(function (jqXHR, textStatus, errorThrown) {
...
});
Notes: data and url are checked, they do not cause trouble. crossDomain: true makes no difference.
Response (in failed()):
responseJSON:
error:
code: 0
details: "Die folgenden Fehler wurden während der Validierung entdeckt.\r\n - Error parsing boolean value. Path '', line 1, position 1.\r\n"
message: "Die Anfrage war ungültig!"
validationErrors: Array(1)
0:
members: ['']
message: "Error parsing boolean value. Path '', line 1, position 1."
result: null
success: false
targetUrl: null
unAuthorizedRequest: false
__abp: true
The German details / message means: error during validation. The Error parsing boolean value is not clear. For the records:
formData.premiumInput = {
"territory": 1,
"postcode": "B37 7HQ",
"eircode": "",
"address_1": "",
"address_2": "",
"occupancy": 0,
"buildingType": 0,
"yearBuilt": 2000,
"sumInsuredBuilding": 100000,
"sumInsuredContents": 200000,
"sumInsuredBi": 300000,
"deductibleFlood": 250,
"deductibleFreeze": 250,
"deductibleStormSurge": 250,
"deductibleSubsidence": 250,
"deductibleTheft": 250,
"deductibleWindstorm": 250,
"percentageRiskShare": 80
};
App Service
namespace PerilManager.Premiums
{
// [AbpAuthorize]
[EnableCors("CorsPolicy")]
public class PremiumAppService : PerilManagerAppServiceBase, IPremiumAppService
{
[HttpPost]
public async Task<CalcPremiumsOutput> GetCalcPremiums(CalcPremiumsInput input)
{
double flood = 3 * input.DeductibleFlood;
CalcPremiumsOutput output = await Task.FromResult(new CalcPremiumsOutput()
{
Flood = flood,
StormSurge = 3939.00,
Windstorm = 3939.39,
Freeze = 303.49,
Subsidence = 1.38383,
Theft = 300
});
return output;
}
[HttpPost]
public async Task<CalcPremiumsOutput> UpdatePremiums()
{
CalcPremiumsOutput output = await Task.FromResult(new CalcPremiumsOutput()
{
Flood = 299,
StormSurge = 3939.00,
Windstorm = 3939.39,
Freeze = 303.49,
Subsidence = 1.38383,
Theft = 300
});
return output;
}
}
}
Logs.txt
INFO 2022-06-01 13:33:53,669 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/2 OPTIONS https://localhost:44302/api/services/app/premium/getcalcpremiums - - INFO 2022-06-01 13:33:53,669 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful. INFO 2022-06-01 13:33:53,670 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/2 OPTIONS https://localhost:44302/api/services/app/premium/getcalcpremiums - - - 204 - - 1.0952ms INFO 2022-06-01 13:33:53,681 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/2 POST https://localhost:44302/api/services/app/premium/getcalcpremiums application/json 333 INFO 2022-06-01 13:33:53,682 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful. INFO 2022-06-01 13:33:53,683 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful. INFO 2022-06-01 13:33:53,683 [orker] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'PerilManager.Premiums.PremiumAppService.GetCalcPremiums (PerilManager.Application)' INFO 2022-06-01 13:33:53,685 [orker] c.Infrastructure.ControllerActionInvoker - Route matched with {area = "app", action = "GetCalcPremiums", controller = "Premium"}. Executing controller action with signature System.Threading.Tasks.Task`1[PerilManager.Premiums.Dto.CalcPremiumsOutput] GetCalcPremiums(PerilManager.Premiums.Dto.CalcPremiumsInput) on controller PerilManager.Premiums.PremiumAppService (PerilManager.Application). INFO 2022-06-01 13:33:53,692 [orker] osoft.EntityFrameworkCore.Infrastructure - Entity Framework Core 6.0.0 initialized 'PerilManagerDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.0' with options: None WARN 2022-06-01 13:33:53,705 [orker] Mvc.ExceptionHandling.AbpExceptionFilter - Method arguments are not valid! See ValidationErrors for details. Abp.Runtime.Validation.AbpValidationException: Method arguments are not valid! See ValidationErrors for details. at Abp.Runtime.Validation.Interception.MethodInvocationValidator.ThrowValidationError() at Abp.Runtime.Validation.Interception.MethodInvocationValidator.Validate() at Abp.AspNetCore.Mvc.Validation.AbpValidationActionFilter.OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.
Hi,
excellent, this is perfect. Thank you!
Prerequisites
Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.
- What is your product version? => 9.01 (.net 3.1)
- What is your product type (Angular or MVC)? => MVC
- What is product framework type (.net framework or .net core)? => .net core
Question
The task is to "Set-Cookie Secure", as outlined here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#syntax:
<br>
Current
Below is the Google DevTools print which shows that Content Security Policy (CSP) has been added - completed (upper arrow).
Question: Next, the secure cookie is required (lower arrow). Would you be able to help (which code in which file?)
Thanks!
@ismcagdas, we are in the same situation as 4Matrix. Would be help to have at least a rough estimation, rather 3months, 1 year... So we might wait a bit - or not. Thanks!
Prerequisites
Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.
What is your product version? Version: 9.0.0
What is your product type (Angular or MVC)? ASP NET CORE 3.1 (MVC)
What is product framework type (.net framework or .net core)? .net core
Issue:
I am having issue integrating a new 2FA service (DUO by CISCO in my case). What are the steps I need to take to fully integrate this into my current solution. I want to have this as a replacement of Google Authenticator one. Is there any experience available which you can share (with DUO)?