- ABP Framework version: v7.2.2
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
- Steps to reproduce the issue:
- AzureOpenId auth login
- Registered AddOpenIdConnect("AzureOpenId", "Azure AD OpenId"
- Angular login flow responseType: 'code'
The app is working well; login, auth token, etc. all work well.
The use case is that I want to use the app in an iframe as well. For this I enabled:
```
app.Use(async (context, next) =>
{
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors https://xyz.com");
    await next();
});
```
The iframe loads the login page correctly, but when I click the login button it throws a 400 Bad Request exception, which is due to the antiforgery cookie.
Log:
```
2023-09-26 16:36:47.704 +05:30 [INF] Executing endpoint '/Account/Login'
2023-09-26 16:36:47.704 +05:30 [INF] Route matched with {page = "/Account/Login", action = "", controller = "", area = ""}. Executing page /Account/Login
2023-09-26 16:36:47.704 +05:30 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-09-26 16:36:47.708 +05:30 [INF] Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.jZ1YYv9-FIY" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.jZ1YYv9-FIY" is not present.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
2023-09-26 16:36:47.709 +05:30 [INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
2023-09-26 16:36:47.715 +05:30 [INF] Executing StatusCodeResult, setting HTTP status code 400
2023-09-26 16:36:47.715 +05:30 [INF] Executed page /Account/Login in 10.3035ms
2023-09-26 16:36:47.715 +05:30 [INF] Executed endpoint '/Account/Login'
```
How can I fix this in iFrame?
2 Answer(s)
-
0
Also, if you can, please suggest how we can do the following, which will satisfy the case of authentication/antiforgery and Azure AD:
Once the Angular app navigates to the API for auth, that navigation should happen in a popup, and the token will be passed back to Angular after authentication in the popup.
-
0
Hi,
Please check the request in the browser. I think the browser blocks some cookies.
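
Added example, not part of the original thread or of ABP's code: a small Node.js checker for the cookie inspection suggested in the answer above. It classifies `Set-Cookie` headers by whether a browser will keep and send them when the page runs inside a cross-site iframe. The sample headers are constructed; only the antiforgery cookie name comes from the log, and its `samesite=strict` attribute assumes the ASP.NET Core default for antiforgery cookies. The helper names are hypothetical.

```javascript
// Parse one Set-Cookie header value into its name and the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "samesite") cookie.sameSite = value;
    if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// Decide whether the cookie survives in a frame whose top-level page is another site.
function crossSiteFrameVerdict(header) {
  const c = parseSetCookie(header);
  // Browsers that default to Lax treat a missing SameSite attribute as Lax.
  const mode = c.sameSite || "lax (default)";
  if (c.sameSite !== "none") {
    return { name: c.name, sent: false, reason: `SameSite=${mode} is withheld in a cross-site frame` };
  }
  if (!c.secure) {
    return { name: c.name, sent: false, reason: "SameSite=None without Secure is rejected" };
  }
  // Third-party cookie blocking in the browser can still drop this cookie.
  return { name: c.name, sent: true, reason: "SameSite=None; Secure is eligible" };
}

// Constructed sample headers (values are placeholders).
const sampleHeaders = [
  ".AspNetCore.Antiforgery.jZ1YYv9-FIY=CONSTRUCTED; path=/; samesite=strict; httponly",
  "session_a=CONSTRUCTED; path=/; secure; samesite=none; httponly",
  "session_b=CONSTRUCTED; path=/; samesite=none",
  "session_c=CONSTRUCTED; path=/; httponly",
];

// Names of the cookies a framed POST to /Account/Login would arrive without.
function blockedCookies(headers) {
  return headers.map(crossSiteFrameVerdict).filter((v) => !v.sent).map((v) => v.name);
}

for (const v of sampleHeaders.map(crossSiteFrameVerdict)) {
  console.log(`${v.sent ? "sent   " : "blocked"} ${v.name}: ${v.reason}`);
}
```

Paste the real `Set-Cookie` values from the browser's network tab into `sampleHeaders` to see which cookies the framed login POST will be missing.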