The web application I have does the antiforgery token validation using the .NET Core AutoValidateAntiforgeryToken, and it passes the token from AJAX to the web controller.
I have a Web API call from the web controller method. Currently my Web API method call fails on return when I debug the web controller method, when I add the "ValidateAntiForgeryToken" attribute to the Web API method.
Web method code

    [Authorize()]
    public IActionResult Index()
    {
        UserLoginTraceHelper.LoginTrace("Insert", ((CustomPrincipal)User).Butterfly_User.UserID, ((CustomPrincipal)User).Butterfly_User.UserContact.TimeZone);
        return Redirect("User/Index");
    }

UserLoginTraceHelper is the API method that is called from the web controller Index action.
Web API method

    /// <summary>
    /// Creating a User login Trace
    /// </summary>
    /// <param name="userLoginTrace"></param>
    /// <returns>login trace details</returns>
    [HttpPost]
    [Route("CreateUserLoginTrace")]
    //[Authorize]
    [AutoValidateAntiforgeryToken]
    public IActionResult CreateUserLoginTrace(UserLoginTrace userLoginTrace)
    {
        var userDetails = userServices.CreateUserLoginTrace(userLoginTrace);
        if (userDetails != null)
        {
            responseMessage = locService.GetLocalizedHtmlString("AcMgmt_TraceCreated");
            return Ok(new APIResponse(Convert.ToInt32(HttpStatusCode.OK), responseMessage, MethodBase.GetCurrentMethod(), userDetails));
            //return Ok(userDetails);
        }
        else
        {
            responseMessage = locService.GetLocalizedHtmlString("AcMgmt_UserLoginTraceFailed");
            return BadRequest(new APIResponse(Convert.ToInt32(HttpStatusCode.ExpectationFailed), responseMessage, MethodBase.GetCurrentMethod(), userDetails));
        }
    }

How can I apply the AntiForgery attribute on the Web API method too? Going forward, these methods will be exposed to other non-web applications. I need to test the Web API method from Postman with the AntiForgery Token attribute applied.
Please suggest example code to resolve this issue. Thank you in advance for the support.