
Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter' #9426


carl.hallqvist created

I have deployed my service using the provided Helm charts. But when testing it in Swagger (the authentication seems to be OK), I got the following error from the server.

[20:24:45 INF] Request starting HTTP/1.1 POST http://myproject-ticket/api/ticket/tickets - application/json 333
[20:24:45 INF] CORS policy execution successful.
[20:24:45 INF] Executing endpoint 'myproject.TicketService.Tickets.TicketsAppService.CreateAsync (myproject.TicketService)'
[20:24:45 INF] Route matched with {action = "Create", controller = "Tickets", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[myproject.TicketService.Tickets.TicketDto] CreateAsync(myproject.TicketService.Tickets.TicketCreateDto) on controller myproject.TicketService.Tickets.TicketsAppService (myproject.TicketService).
[20:24:45 WRN] The required antiforgery cookie ".AspNetCore.Antiforgery.Pqki2eFce9s" is not present.
[20:24:45 INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
[20:24:45 INF] Executing StatusCodeResult, setting HTTP status code 400
[20:24:45 INF] Executed action myproject.TicketService.Tickets.TicketsAppService.CreateAsync (myproject.TicketService) in 1.4636ms
[20:24:45 INF] Executed endpoint 'myproject.TicketService.Tickets.TicketsAppService.CreateAsync (myproject.TicketService)'
[20:24:45 INF] Request finished HTTP/1.1 POST http://myproject-ticket/api/ticket/tickets - 400 0 null 28.3141ms

Do you have any idea what the problem is?

Thanks


5 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    Can you try to use HTTPS instead of HTTP? Otherwise, you need to handle the cookies.

    https://learn.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-9.0#api-usage-with-samesite
    https://learn.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-9.0#supporting-older-browsers

    Thanks.

  • carl.hallqvist created

    For some reason it seems to be related only to the Safari web browser, and not Chrome. Any ideas why?

    Thanks

  • maliming created
    Support Team Fullstack Developer

    hi

    This is the difference in cookie policies between Safari and Chrome browsers.

    You can check this article https://abp.io/community/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n

  • carl.hallqvist created

    Thanks, I will take a look :-)

  • maliming created
    Support Team Fullstack Developer

    ; )
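
As an added example (not code from this thread, the poster's project, or ABP itself), this is one shape the cookie handling mentioned in the first answer can take in ASP.NET Core: a cookie policy that stops sending SameSite=None when the request is not HTTPS or the browser is known to mishandle that value. The class name `SameSiteCookiePolicy` and the user-agent substrings are assumptions made for illustration.

```csharp
// Added example: hypothetical helper, not ABP's or the poster's code.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class SameSiteCookiePolicy
{
    // Register in ConfigureServices and call app.UseCookiePolicy() before
    // authentication and any other middleware that writes cookies.
    public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            options.OnAppendCookie = ctx => CheckSameSite(ctx.Context, ctx.CookieOptions);
            options.OnDeleteCookie = ctx => CheckSameSite(ctx.Context, ctx.CookieOptions);
        });
        return services;
    }

    private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite != SameSiteMode.None) return;

        var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
        // Browsers accept SameSite=None only together with Secure, so it cannot
        // work on a plain-HTTP request; some older browsers reject it outright.
        if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent))
        {
            // Unspecified omits the attribute and leaves the browser default.
            options.SameSite = SameSiteMode.Unspecified;
        }
    }

    // Coarse, illustrative user-agent checks (assumed substrings).
    private static bool DisallowsSameSiteNone(string userAgent)
    {
        // Every browser on iOS 12 shares the system networking stack.
        if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
            return true;
        // Safari on macOS 10.14.
        if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
            userAgent.Contains("Version/") && userAgent.Contains("Safari"))
            return true;
        // Chrome 50 to 69.
        return userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6");
    }
}
```

This only changes the SameSite attribute on cookies the application writes; serving the API over HTTPS, as the first answer suggests, avoids the plain-HTTP case entirely.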

Made with ❤️ on ABP v9.3.0-preview. Updated on June 13, 2025, 11:37