Open Closed

Antiforgery token validation failed when invoking negotiate endpoint of signalR #2180


User avatar
0
neethucp created
  • ABP Framework version: v4.4.3
  • UI type: Blazor Server
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

We have a microservice project set up with blazor server front end project. We are trying to send notificatio on status change using signalR. We have created a hub inheriting from AbpHub and followed Microsofot's documentation to connect to hub from blazor server project. We are getting "Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.RfvzpqGUp6I" is not present." when hubConnection.StartAsync() is invoked.

Do we have to add any configuration to make this work?


12 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi neethucp

    How can I reproduce this problem? Can you share some code and steps?

  • User Avatar
    0
    neethucp created

    Hi, It is a microservice template project with blazor server front end. We just created a hub in blazor server project and implemented hub connection from a razor page using "Microsoft.AspNetCore.SignalR.Client" package. Please find the signalR hub connection code below. "await hubConnection.StartAsync();" would invoke the signalR negotiate endpoint POST https://localhost:44314/signalr-hubs/applicationstatuschangenotification/negotiate?negotiateVersion=1 - 0

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks I will check.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you try to add csrf token to cookies and Headers?

    https://github.com/abpframework/abp/blob/rel-4.4/framework/src/Volo.Abp.AspNetCore.Components.Web/Volo/Abp/AspNetCore/Components/Web/AbpBlazorClientHttpMessageHandler.cs#L75

    https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.signalr.client.hubconnectionbuilderhttpextensions.withurl?view=aspnetcore-5.0#Microsoft_AspNetCore_SignalR_Client_HubConnectionBuilderHttpExtensions_WithUrl_Microsoft_AspNetCore_SignalR_Client_IHubConnectionBuilder_System_Uri_System_Action_Microsoft_AspNetCore_Http_Connections_Client_HttpConnectionOptions__

    https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.connections.client.httpconnectionoptions?view=aspnetcore-5.0#properties

  • User Avatar
    0
    neethucp created

    Hi, I have already tried passing the RequestVerificationToken and the cookies to signalR connection. But it is giving the same error. ".AspNetCore.Antiforgery.RfvzpqGUp6I" is not present." This cookie ".AspNetCore.Antiforgery.RfvzpqGUp6I" doesn't exist in the browser cookies. Instead there is a similar cookie with name ".AspNetCore.Antiforgery.dHbfFikoQ1Y".

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you debug the c# code and check the browser network panel to see if the header and cookies are sent?

  • User Avatar
    0
    neethucp created

    Hi,

    Cookies and request header are getting passed. We are using blazor server hosting model and not web assembly. We only have ".AspNetCore.Antiforgery.dHbfFikoQ1Y" cookie in the browser which is set from auth server. Not sure why it is trying to validate antiforgery token ".AspNetCore.Antiforgery.RfvzpqGUp6I" from blazor server.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Can you use the template project to reproduce the problem and share it with me? liming.ma@volosoft.com

  • User Avatar
    0
    neethucp created

    Hi, The issue was due to the incorrect signalR url. The url didn't have the hub name in kebab-case. It started working after url changed to "/signalr-hubs/application-status-change-notification". But now getting issue with authorization. The token is getting passed in Authorization header, but signalR negotiation gives the following error.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you check these? https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-6.0#built-in-jwt-authentication https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-6.0#identity-server-jwt-authentication

  • User Avatar
    0
    neethucp created

    Hi, I'm getting the token in the Authorization header. But I'm still getting unauthorized.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Try to add app.UseJwtTokenMiddleware();

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19