Open Closed

Antiforgery token validation failed for iframe when authenticating #5857


User avatar
0
bhasinp created
  • ABP Framework version: v7.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"
  1. AzureOpenId auth login
  2. Registered AddOpenIdConnect("AzureOpenId", "Azure AD OpenId"
  3. Angular login flow responseType: 'code

App is working well, Login authtoken etc everything works well.

The used case is I want to use app in iframe as well For this I enabled

app.Use(async (context, next) =>
{
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors https://xyz.com");
    await next();
});

iFrame is loading the login page correctly but the issue is when I click on login button it throw exception of 400 bad request. which is due to antiforgery cookie

Log

2023-09-26 16:36:47.704 +05:30 [INF] Executing endpoint '/Account/Login' 2023-09-26 16:36:47.704 +05:30 [INF] Route matched with {page = "/Account/Login", action = "", controller = "", area = ""}. Executing page /Account/Login 2023-09-26 16:36:47.704 +05:30 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2023-09-26 16:36:47.708 +05:30 [INF] Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.jZ1YYv9-FIY" is not present. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.jZ1YYv9-FIY" is not present. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) 2023-09-26 16:36:47.709 +05:30 [INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'. 2023-09-26 16:36:47.715 +05:30 [INF] Executing StatusCodeResult, setting HTTP status code 400 2023-09-26 16:36:47.715 +05:30 [INF] Executed page /Account/Login in 10.3035ms 2023-09-26 16:36:47.715 +05:30 [INF] Executed endpoint '/Account/Login'

How can I fix this in iFrame?


2 Answer(s)
  • User Avatar
    0
    bhasinp created

    Also If you can suggest me how we can do the following thing, which will satisfy the case of authentication/Antiforgery and azure ad

    Once the angular app navigated for auth in api, that navigation should happen in a popup. and token will be passed back to angular after authentication in popup.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please check the request in the browser. I think the browser blocks some cookies.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11