Blazor server app with authorization, after scaffold identity - logout not working
In a Blazor server app with authorization, after scaffolding Identity into an MVC project with authorization, the user can’t log out from Blazor (LoginDisplay.razor). When the user clicks the logout button in LoginDisplay.razor, it makes a bad request:
Request URL: https://localhost:5001/Identity/Account/LogOut
Request Method: POST
Remote Address: 127.0.0.1:5001
Status Code: 400 (Bad Request)
Version: HTTP/2.0
After this bad POST request:
- no redirection to another page
- user still logged in
- Blazor disconnected
- a completely white document is rendered.
Using this documentation. https://docs.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-2.2&tabs=netcore-cli#scaffold-identity-into-an-mvc-project-with-authorization
To Reproduce
- dotnet new blazorserver --auth Individual
- create new user for testing ( user@user.com / Pass12345! )
- login and logout and it’s working
- install if not already ( dotnet tool install --global dotnet-aspnet-codegenerator --version 3.1.0 )
- add package to project | dotnet add package Microsoft.VisualStudio.Web.CodeGeneration.Design --version 3.1.0
- add package to project | dotnet add package Microsoft.EntityFrameworkCore.SqlServer --version 3.1.0
- do a scaffold | dotnet aspnet-codegenerator identity -dc BlazorScaffoldedIdentity.Data.ApplicationDbContext --force
- logout from blazor - not working
- using instructions from ScaffoldingReadMe.txt
- logout from blazor - not working
NOTE:
- if the user goes to https://localhost:5001/Identity/Account/Manage , then from _ManageNav.cshtml they can successfully log out from the app.
WORKAROUND NUMBER 1:
- Add [IgnoreAntiforgeryToken] in “LogOut.cshtml.cs” file
WORKAROUND NUMBER 2:
- delete files in areas/pages/account “LogOut.cshtml” and “LogOut.cshtml.cs”, and create new file that is like the one before scaffold ( “LogOut.cshtml” )
- if not using --force, then: Building project … Build Failed. (but it is possible to specify every file except “LogOut.cshtml”: --files "Account.Register;Account.Login")
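@page
@using Microsoft.AspNetCore.Identity
@* Skips antiforgery validation for this page, so the POST from LoginDisplay.razor is accepted without a token. *@
@attribute [IgnoreAntiforgeryToken]
@inject SignInManager<IdentityUser> SignInManager
@functions {
    // Handles the POST sent by the logout form.
    public async Task<IActionResult> OnPost()
    {
        if (SignInManager.IsSignedIn(User))
        {
            await SignInManager.SignOutAsync();
        }
        // Return to the application root after signing out.
        return Redirect("~/");
    }
}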
REPOS
and the original version with wrong behaviour https://github.com/sikira/BlazorScaffoldedIdentity/tree/withbug
repo with sample project with workaround https://github.com/sikira/BlazorScaffoldedIdentity/tree/master
SIDE NOTES:
- This behaviour happened in version 3.0.100 and in 3.1.0, but in .NET Core 3.0.100 this is written in the console:

info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint ‘/_blazor’
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint ‘/_blazor’
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 21743.366ms 101
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 21743.366ms 101
info: Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter[1]
      Antiforgery token validation failed. The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter: Information: Antiforgery token validation failed. The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[3]
      Authorization failed for the request at filter ‘Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter’.
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Authorization failed for the request at filter ‘Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter’.
info: Microsoft.AspNetCore.Mvc.StatusCodeResult[1]
      Executing HttpStatusCodeResult, setting HTTP status code 400
Microsoft.AspNetCore.Mvc.StatusCodeResult: Information: Executing HttpStatusCodeResult, setting HTTP status code 400
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[4]
Further technical details
- ASP.NET Core version 3.1.100
.NET Core SDK (reflecting any global.json):
  Version: 3.1.100
  Commit: cd82f021f4
Runtime Environment:
  OS Name: Windows
  OS Version: 10.0.17763
  OS Platform: Windows
  RID: win10-x64
  Base Path: C:\Program Files\dotnet\sdk\3.1.100\
Host (useful for support):
  Version: 3.1.0
  Commit: 65f04fb6db
.NET Core SDKs installed:
  3.0.100 [C:\Program Files\dotnet\sdk]
  3.1.100 [C:\Program Files\dotnet\sdk]
.NET Core runtimes installed:
  Microsoft.AspNetCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.WindowsDesktop.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
- VS Code 1.40.2
[blazor]
[identity]
[scaffold]
[logout]
Issue Analytics
- Created 4 years ago
- Comments:17 (9 by maintainers)
Top GitHub Comments
@pm64 your comment intrigued me to try to investigate more, and I found out that the issue is actually about the antiforgery token. Another and better fix would be to put the attribute [IgnoreAntiforgeryToken] on top of the LogoutModel class in the “LogOut.cshtml.cs” file. I’ve added this fix to the original issue.
@sikira amazing catch!! This is precisely the issue. You have saved me many hours of hair-pulling and cursing. Huge thanks!
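
Both workarounds in this thread turn antiforgery validation off for the logout POST. The alternative is to send the token that the log reports as missing, in the form field `__RequestVerificationToken`. The sketch below is an added example, not code from the issue, its repository or the ASP.NET Core project; the parameter name `XsrfToken` is an assumption, the three files are shown in one block, and it assumes the 3.1 `component` tag helper.

```razor
@* Pages/_Host.cshtml: issue an antiforgery token for the current user and
   pass the request token to the root component (XsrfToken is an assumed name). *@
@inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf
@{
    // GetAndStoreTokens also sets the antiforgery cookie on this response.
    var xsrfToken = Xsrf.GetAndStoreTokens(HttpContext).RequestToken;
}
<app>
    <component type="typeof(App)" render-mode="ServerPrerendered"
               param-XsrfToken="xsrfToken" />
</app>

@* App.razor: receive the token and cascade it to every component. *@
<CascadingValue Name="XsrfToken" Value="@XsrfToken">
    <CascadingAuthenticationState>
        <Router AppAssembly="@typeof(Program).Assembly">
            <Found Context="routeData">
                <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
            </Found>
            <NotFound>
                <LayoutView Layout="@typeof(MainLayout)">
                    <p>Sorry, there's nothing at this address.</p>
                </LayoutView>
            </NotFound>
        </Router>
    </CascadingAuthenticationState>
</CascadingValue>
@code {
    [Parameter] public string XsrfToken { get; set; }
}

@* Shared/LoginDisplay.razor: post the token in the form field named in the log. *@
<form method="post" action="Identity/Account/LogOut">
    <input type="hidden" name="__RequestVerificationToken" value="@XsrfToken" />
    <button type="submit" class="nav-link btn btn-link">Log out</button>
</form>
@code {
    [CascadingParameter(Name = "XsrfToken")] public string XsrfToken { get; set; }
}
```

With the token posted, the scaffolded LogOut page can keep its default antiforgery validation and needs no [IgnoreAntiforgeryToken]. The token is tied to the signed-in user, so it has to come from a `_Host.cshtml` request made after login, which is the case when login goes through the Identity pages and reloads the app.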