Hello,
[v12.2.0 with ASP.NET Core and JQuery]
On top of the web page functionality (Web.Mvc) I want to allow a subset of the APIs to be remotely consumed by customers. For testing I am using Cors (code below) and expect that the API can be consumed with Postman to start with. (Actually, I think Cors is not needed with Postman, only with Swagger).
When I use Postman on the dev machine (localhost), everything works as expected: I get the access token and with that I can call an app service, like GetUsers (as in your doc).
When I deploy the app and call https://myexamplepage.co.uk/api/TokenAuth/Authenticate I get an internal error (500) reported.
The log file:
ERROR 2023-10-04 16:57:05.970 [74 ] idateAntiforgeryTokenAuthorizationFilter - The required antiforgery header value "X-XSRF-TOKEN" does not exist.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header X-XSRF-TOKEN is not present.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   on Abp.AspNetCore.Mvc.Antiforgery.AbpValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
A logging statement confirms that on the test (production) server I never get inside the Authenticate() method of the TokenAuthController.
I wonder why there is a need for antiforgery / why it is checked and missing?
Any ideas how I can fix this or at least a starting point to get a better understanding?
Thanks and best regards
services.AddCors(options =>
{
    options.AddPolicy(_corsPolicy, builder =>
    {
        builder
            .WithOrigins("*")
            .AllowAnyHeader()
            .AllowAnyMethod();
    });
});
_corsPolicy is an arbitrary string
Implement a Web API post utilizing CORS. To start with: all origins allowed and without authentication.
Thank you for your support!
Two app service functions exist. Both HttpPost, one expects input, the other is a call without any parameter. Swagger & Postman work fine with both. A demo client making a cross-origin call works with the parameter-less function. The function expecting a parameter creates a validation error. The validation error is not due to violating a rule of the input class. I tested existing APIs, like roles/getroles after having disabled authentication. The same class of error, validation before it comes to input validation.
Excerpt from Logs.txt, this might be most helpful? Unfortunately, not for me... See at the end of the message, maybe easier to copy / paste or review.
Ajax call in the client:
$.ajax({
    contentType: 'application/json',
    data: formData.premiumInput,
    type: 'post',
    url: serviceUrl.href,
})
    .done(function (data, textStatus, jqXHR) {
        // ....
    })
    .fail(function (jqXHR, textStatus, errorThrown) {
        // ...
    });
Notes: data and url are checked, they do not cause trouble. crossDomain: true makes no difference.
Response (in failed()):
responseJSON:
  error:
    code: 0
    details: "Die folgenden Fehler wurden während der Validierung entdeckt.\r\n - Error parsing boolean value. Path '', line 1, position 1.\r\n"
    message: "Die Anfrage war ungültig!"
    validationErrors: Array(1)
      0:
        members: ['']
        message: "Error parsing boolean value. Path '', line 1, position 1."
  result: null
  success: false
  targetUrl: null
  unAuthorizedRequest: false
  __abp: true
The German details / message mean: error during validation. The "Error parsing boolean value" is not clear. For the record:
formData.premiumInput = {
    "territory": 1,
    "postcode": "B37 7HQ",
    "eircode": "",
    "address_1": "",
    "address_2": "",
    "occupancy": 0,
    "buildingType": 0,
    "yearBuilt": 2000,
    "sumInsuredBuilding": 100000,
    "sumInsuredContents": 200000,
    "sumInsuredBi": 300000,
    "deductibleFlood": 250,
    "deductibleFreeze": 250,
    "deductibleStormSurge": 250,
    "deductibleSubsidence": 250,
    "deductibleTheft": 250,
    "deductibleWindstorm": 250,
    "percentageRiskShare": 80
};
using System.Threading.Tasks;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Mvc;
using PerilManager.Premiums.Dto;

namespace PerilManager.Premiums
{
    // [AbpAuthorize]
    [EnableCors("CorsPolicy")]
    public class PremiumAppService : PerilManagerAppServiceBase, IPremiumAppService
    {
        // POST with a JSON body bound to CalcPremiumsInput
        [HttpPost]
        public async Task<CalcPremiumsOutput> GetCalcPremiums(CalcPremiumsInput input)
        {
            double flood = 3 * input.DeductibleFlood;
            CalcPremiumsOutput output = await Task.FromResult(new CalcPremiumsOutput()
            {
                Flood = flood,
                StormSurge = 3939.00,
                Windstorm = 3939.39,
                Freeze = 303.49,
                Subsidence = 1.38383,
                Theft = 300
            });
            return output;
        }

        // POST without any parameter (no request body to bind)
        [HttpPost]
        public async Task<CalcPremiumsOutput> UpdatePremiums()
        {
            CalcPremiumsOutput output = await Task.FromResult(new CalcPremiumsOutput()
            {
                Flood = 299,
                StormSurge = 3939.00,
                Windstorm = 3939.39,
                Freeze = 303.49,
                Subsidence = 1.38383,
                Theft = 300
            });
            return output;
        }
    }
}
INFO 2022-06-01 13:33:53,669 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/2 OPTIONS https://localhost:44302/api/services/app/premium/getcalcpremiums - -
INFO 2022-06-01 13:33:53,669 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.
INFO 2022-06-01 13:33:53,670 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/2 OPTIONS https://localhost:44302/api/services/app/premium/getcalcpremiums - - - 204 - - 1.0952ms
INFO 2022-06-01 13:33:53,681 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/2 POST https://localhost:44302/api/services/app/premium/getcalcpremiums application/json 333
INFO 2022-06-01 13:33:53,682 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.
INFO 2022-06-01 13:33:53,683 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.
INFO 2022-06-01 13:33:53,683 [orker] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'PerilManager.Premiums.PremiumAppService.GetCalcPremiums (PerilManager.Application)'
INFO 2022-06-01 13:33:53,685 [orker] c.Infrastructure.ControllerActionInvoker - Route matched with {area = "app", action = "GetCalcPremiums", controller = "Premium"}. Executing controller action with signature System.Threading.Tasks.Task`1[PerilManager.Premiums.Dto.CalcPremiumsOutput] GetCalcPremiums(PerilManager.Premiums.Dto.CalcPremiumsInput) on controller PerilManager.Premiums.PremiumAppService (PerilManager.Application).
INFO 2022-06-01 13:33:53,692 [orker] osoft.EntityFrameworkCore.Infrastructure - Entity Framework Core 6.0.0 initialized 'PerilManagerDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.0' with options: None
WARN 2022-06-01 13:33:53,705 [orker] Mvc.ExceptionHandling.AbpExceptionFilter - Method arguments are not valid! See ValidationErrors for details.
Abp.Runtime.Validation.AbpValidationException: Method arguments are not valid! See ValidationErrors for details.
   at Abp.Runtime.Validation.Interception.MethodInvocationValidator.ThrowValidationError()
   at Abp.Runtime.Validation.Interception.MethodInvocationValidator.Validate()
   at Abp.AspNetCore.Mvc.Validation.AbpValidationActionFilter.OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.
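An added example, not part of the original post: it shows what a `$.ajax` call like the one above puts on the wire when `data` is a plain object, since jQuery's default `processData` turns the object into a query string even though the header says `application/json`. A JSON reader that meets the leading `t` of `territory=...` expects the literal `true`, which is consistent with the "Error parsing boolean value ... position 1" response. Assumptions: `URLSearchParams` stands in for jQuery's serializer on a flat object, `JSON.parse` stands in for the server's JSON reader, and the payload is a trimmed, constructed copy of `formData.premiumInput`.

```javascript
// Constructed sample: a trimmed copy of formData.premiumInput from the post.
const premiumInput = {
  territory: 1,
  postcode: 'B37 7HQ',
  eircode: '',
  deductibleFlood: 250,
  percentageRiskShare: 80,
};

// Stand-in for jQuery's default serialization of an object `data`
// (assumption: flat object, no nesting or arrays).
function formEncodedBody(data) {
  return new URLSearchParams(
    Object.entries(data).map(([key, value]) => [key, String(value)])
  ).toString();
}

// The body that a Content-Type of 'application/json' actually calls for.
function jsonBody(data) {
  return JSON.stringify(data);
}

// Server-side view: try to read the request body as JSON and report the outcome.
function readAsJson(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, firstChar: body[0], error: err.name };
  }
}

// Compare the body as sent with the body as intended.
function compareBodies(data) {
  const asSent = formEncodedBody(data);
  const asIntended = jsonBody(data);
  return {
    asSent,
    asIntended,
    sentResult: readAsJson(asSent),
    intendedResult: readAsJson(asIntended),
  };
}

const report = compareBodies(premiumInput);
console.log('sent body:     ', report.asSent);
console.log('parse attempt: ', report.sentResult);
console.log('intended body: ', report.asIntended);
console.log('parsed flood:  ', report.intendedResult.value.deductibleFlood);
```

In the jQuery call the corresponding change is `data: JSON.stringify(formData.premiumInput)`. The parameter-less function is unaffected because it has no body to bind.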
The task is to "Set-Cookie Secure", as outlined here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#syntax:
Below is the Google DevTools print which shows that Content Security Policy (CSP) has been added - completed (upper arrow).
Question: Next, the secure cookie is required (lower arrow). Would you be able to help (which code in which file?)
Thanks!
What is your product version? Version: 9.0.0
What is your product type (Angular or MVC)? ASP NET CORE 3.1 (MVC)
What is product framework type (.net framework or .net core)? .net core
I am having an issue integrating a new 2FA service (DUO by CISCO in my case). What are the steps I need to take to fully integrate this into my current solution? I want to have this as a replacement for the Google Authenticator one. Is there any experience available which you can share (with DUO)?
ASP Net Zero v9.1.0, .Net Core v3.1, SQL Server 2019
Hi,
we receive the following message when starting the default (downloaded) application:
The cause seems to be that the application wants to login to the SQL server under the name of the server (TLUL/TEST-RERIL-01). The next step for us would be a solution of how to set the default user. Ideally through a connection string in a (the) setup file - we can even live with a hard-coded version to start with.
Any thoughts, please?
Also attached a screen shot of the SQL backend application:
Thank you and kind regards,
Reiner
Hello,
I have been trying to deploy my ASP Net Zero solution (v9.0.1) on IIS Server using .net core 3.1 framework. The server used is Windows Server 2019. Visual Studio builds, compiles and runs the application successfully, but as soon as I publish it on IIS server it starts giving me error 500.30:
HTTP Error 500.30 - ANCM In-Process Start Failure
Common solutions to this issue:
  The application failed to start
  The application started but then stopped
  The application started but threw an exception during startup
Troubleshooting steps:
  Check the system event log for error messages
  Enable logging the application process' stdout messages
  Attach a debugger to the application process and inspect
For more information visit: https://go.microsoft.com/fwlink/?LinkID=2028265
I followed the steps as described on your weblink: https://docs.aspnetzero.com/en/aspnet-core-mvc/latest/Deployment-Mvc-Core-IIS, but no luck till now. I would highly appreciate it if you provide the quickest support for this issue.
Kind regards, Prashant
Hi,
I am not clear about downloading the package. We have 1 license, 2 developers and we are working on development / test and production server (so, 3 in total). We need to download 3 times. I noticed that the "standard" and the "demo" download differ in the namespace convention. Can we download 3x the standard (without demo) version? Next to impossible to change the name space afterwards. Please advise. thanks.
Hello,
I am in the process of setting up the standard ASP.NET CORE MVC & JQUERY implementation.
Would you be able to help me online to publish the standard application on the web with IIS? Naturally, I would pay for your consulting efforts upfront. Or could you point me to someone who can help?
Thank you and kind regards,
Reiner