I was trying to use ValidateAntiForgeryToken in .NET Core but I was getting .AspNetCore.Antiforgery.xxxxxxx cookie is missing.
What is this .AspNetCore.Antiforgery.xxxxxxx cookie?
ASP.NET Core looks for this cookie to find the X-CSRF token.
The ValidateAntiForgeryToken is an action filter that can be applied to an individual action, a controller, or globally for the app. Requests made to actions that have this filter applied will be blocked unless the request includes a valid antiforgery token.
In general, ASP.NET Core may look for the token in a cookie or a header. So you may have the situation when
By default, ASP.NET Core will generate and expect a unique cookie name beginning with the DefaultCookiePrefix (".AspNetCore.Antiforgery.").
This could be overridden using the antiforgery option CookieName:
services.AddAntiforgery(options => options.CookieName = "X-CSRF-TOKEN-COOKIENAME");
For .NET Core 2.0.0 or greater there will be changes. For that, use the following:
services.AddAntiforgery(options => options.Cookie.Name = "X-CSRF-TOKEN-COOKIENAME");
If talking about the header, the name could be specified by:
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
Look into:
Antiforgery is somehow already added by default, you can configure it in the way shown here: github.com/aspnet/Antiforgery/issues/97#issue-169311974 – Teddman
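
An added example, not code from the question, the answer or the comment: the cookie and header options from the answer wired into one app, showing where the antiforgery cookie comes from and why a POST sent without it is rejected. It assumes the .NET 6+ minimal hosting model; TransferController and its Token and Submit actions are hypothetical names.

```csharp
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);

// AddControllersWithViews registers the filter behind [ValidateAntiForgeryToken].
builder.Services.AddControllersWithViews();
builder.Services.AddAntiforgery(options =>
{
    // Cookie token: replaces the generated ".AspNetCore.Antiforgery.xxxxxxx" name.
    options.Cookie.Name = "X-CSRF-TOKEN-COOKIENAME";
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    // Request token: read from this header when it is not in a form field.
    options.HeaderName = "X-XSRF-TOKEN";
});

var app = builder.Build();
app.MapDefaultControllerRoute();   // {controller}/{action}
app.Run();

// Hypothetical controller used only for this example.
public class TransferController : Controller
{
    private readonly IAntiforgery _antiforgery;

    public TransferController(IAntiforgery antiforgery) => _antiforgery = antiforgery;

    // GET /Transfer/Token
    // Writes the cookie token to the response (Set-Cookie) and returns the
    // matching request token, which the client must echo in X-XSRF-TOKEN.
    [HttpGet]
    public IActionResult Token()
    {
        AntiforgeryTokenSet tokens = _antiforgery.GetAndStoreTokens(HttpContext);
        return Json(new { header = tokens.HeaderName, token = tokens.RequestToken });
    }

    // POST /Transfer/Submit
    // Validation needs BOTH halves: the cookie set by Token() and the request
    // token in the header. If the client never received or did not send the
    // cookie, the filter rejects the request with 400 before this body runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Submit() => Ok("accepted");
}
```

A client that posts to Submit without first calling an endpoint such as Token (or rendering a form that emits the token) has no antiforgery cookie to send, which is the "cookie is missing" condition from the question.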