Create a project
Added a ValidateAntiForgeryToken middleware in the .Web project like this:
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Antiforgery;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Http;

    public class ValidateAntiForgeryTokenMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly IAntiforgery _antiforgery;

        public ValidateAntiForgeryTokenMiddleware(RequestDelegate next, IAntiforgery antiforgery)
        {
            _next = next;
            _antiforgery = antiforgery;
        }

        public async Task Invoke(HttpContext context)
        {
            // Only POST and PUT are checked here; every other method passes through.
            if (HttpMethods.IsPost(context.Request.Method) ||
                HttpMethods.IsPut(context.Request.Method))
            {
                // Throws AntiforgeryValidationException when the token is missing or invalid.
                await _antiforgery.ValidateRequestAsync(context);
            }

            await _next(context);
        }
    }

    public static class ApplicationBuilderExtensions
    {
        // Registers the middleware in the request pipeline.
        public static IApplicationBuilder UseAntiforgeryTokens(this IApplicationBuilder app)
        {
            return app.UseMiddleware<ValidateAntiForgeryTokenMiddleware>();
        }
    }
Added app.UseAntiforgeryTokens(); in the web module.
Intercept the requests in Burp Suite and remove the request verification token in Repeater, but the response is still perfect.
Please let us know how to implement antiforgery token validation for both POST and GET requests as well.
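One way to validate the token on GET as well as on state-changing methods, as an added example that is not code from the original post or from ABP. The class name `StrictAntiforgeryMiddleware` and the `/api` prefix are assumptions. It relies on `IAntiforgery.ValidateRequestAsync`, which checks the token whatever the HTTP method, whereas `IsRequestValidAsync` returns true for GET, HEAD, OPTIONS and TRACE without checking.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware written for this example; not part of ABP or ASP.NET Core.
public class StrictAntiforgeryMiddleware
{
    // Assumption: GET requests are validated only under this prefix.
    private static readonly PathString ProtectedGetPrefix = new PathString("/api");

    private readonly RequestDelegate _next;
    private readonly IAntiforgery _antiforgery;

    public StrictAntiforgeryMiddleware(RequestDelegate next, IAntiforgery antiforgery)
    {
        _next = next;
        _antiforgery = antiforgery;
    }

    public async Task Invoke(HttpContext context)
    {
        var method = context.Request.Method;
        // Page GETs stay unvalidated so the browser can load a page and receive
        // its token in the first place; only GETs under the prefix are checked.
        bool mustValidate =
            HttpMethods.IsPost(method) || HttpMethods.IsPut(method) ||
            HttpMethods.IsPatch(method) || HttpMethods.IsDelete(method) ||
            (HttpMethods.IsGet(method) && context.Request.Path.StartsWithSegments(ProtectedGetPrefix));

        if (mustValidate)
        {
            try
            {
                // Validates the cookie token against the request token (header or form field)
                // regardless of the HTTP method.
                await _antiforgery.ValidateRequestAsync(context);
            }
            catch (AntiforgeryValidationException)
            {
                // Short-circuit: the rest of the pipeline never sees the request.
                context.Response.StatusCode = StatusCodes.Status400BadRequest;
                return;
            }
        }

        await _next(context);
    }
}
```

Register it with `app.UseMiddleware<StrictAntiforgeryMiddleware>()` ahead of the endpoint middleware, so the check runs before the action executes.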
ABP Framework version: v5.0.1
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no
Exception message and stack trace:
Steps to reproduce the issue:
Step 1. We are enqueuing the emails by calling the following in our code:

    await _backgroundJobManager.EnqueueAsync(new EmailArgs() { /* Object */ });

But the "ExecuteAsync" below is being called multiple times in our code.
    public class NotificationSendingJob : AsyncBackgroundJob<EmailArgs>, ITransientDependency
    {
        public NotificationSendingJob()
        {
        }

        [UnitOfWork]
        public override Task ExecuteAsync(EmailArgs args)
        {
            // SendNotification and emailcontent are defined elsewhere (not shown in the post).
            AsyncHelper.RunSync(() => SendNotification(args.TenantId, emailcontent));
            return Task.FromResult(0);
        }
    }
We want to restrict it to a single time.
    context.Services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Path = "/Arc";
        options.Cookie.SameSite = SameSiteMode.Strict;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.IsEssential = true;
        options.Cookie.HttpOnly = true;
    });
3. Go to developer tools in the browser and check the path. It is still set to default.
`1& attributes, RuntimeModule decoratedModule, Int32 decoratedMetadataToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1 derivedAttributes)
at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeType type, RuntimeType caType, Boolean inherit)
at System.Attribute.GetCustomAttributes(MemberInfo element, Boolean inherit)