ASP .NET Core 2 issue with Reporting R1 2019 and antiforgery token

3 posts, 0 answers
  1. Alex
    26 posts
    Member since:
    Mar 2011

    Posted 29 Apr

    When adding the 'services.AddMvc(options => { options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()); })', I'm getting the following error:

    "Error registering the viewer with the service."

    Without this option all works fine. I've found the https://localhost:44364/api/reports/clients request returns 400 (Bad Request) error code. It happens even though I've added the __requestverificationtoken request header.

    The test project can be found here https://drive.google.com/file/d/1hxY64mVx_c0zMYt-9oB3KG2NbPUEugsb/view?usp=sharing

    Please, use the link "https://localhost:44364/api/reports/index" to load the reports page.

  2. Silviya
    Admin
    399 posts

    Posted 02 May

    Hello Alex,

    I tested the provided sample and indeed, I was able to reproduce the error. I must say that I'm not an expert in .NET Core, so I researched further about antiforgery tokens and I was able to fix the problem using the following configuration:
    services.AddAntiforgery(options => options.HeaderName = "__RequestVerificationToken");

    Assuming the header in which the script requests send the token is called __RequestVerificationToken, configure the antiforgery service to look for this __RequestVerificationToken header.

    For more information, please check Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core (JavaScript, AJAX, and SPAs section).

    Best Regards,
    Silviya
    Progress Telerik
  3. PaulH
    65 posts
    Member since:
    Mar 2011

    Posted 24 May in reply to Silviya

    Given that it's currently working and we're behind schedule we'll leave it as it is and perhaps look at this at a later stage to see if we can get it working.
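The configuration discussed in this thread, put together as an added example (not code from any of the posts or from Telerik): an ASP.NET Core 2.x `Startup` that enables global antiforgery validation and tells the antiforgery service which header to read. The `/antiforgery/token` endpoint and the `TokenHeader` constant are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Header name used in this thread. The framework default for the header is
    // "RequestVerificationToken" (no leading underscores); "__RequestVerificationToken"
    // is the default *form field* name, so a token sent in a header under that name
    // is not read unless HeaderName is set explicitly.
    private const string TokenHeader = "__RequestVerificationToken";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAntiforgery(options => options.HeaderName = TokenHeader);

        // Validates the token on every unsafe HTTP method (POST, PUT, DELETE, ...);
        // GET, HEAD, OPTIONS and TRACE are skipped.
        services.AddMvc(options =>
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
    }

    public void Configure(IApplicationBuilder app, IAntiforgery antiforgery)
    {
        // Hypothetical endpoint (assumption): issues the antiforgery cookie and
        // returns the matching request token, so page script can copy it into
        // the TokenHeader header of its AJAX calls.
        app.Use(async (context, next) =>
        {
            if (HttpMethods.IsGet(context.Request.Method) &&
                context.Request.Path == "/antiforgery/token")
            {
                AntiforgeryTokenSet tokens = antiforgery.GetAndStoreTokens(context);
                context.Response.Headers["Cache-Control"] = "no-store";
                context.Response.ContentType = "text/plain";
                await context.Response.WriteAsync(tokens.RequestToken);
                return;
            }
            await next();
        });

        app.UseMvc();
    }
}
```

The request token is only valid together with the antiforgery cookie issued in the same response, so the script has to fetch it from the same origin with cookies enabled.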