question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Blazor server app with authorization, after scaffold identity - logout not working

See original GitHub issue

From @sikira on Thursday, December 12, 2019 7:57:30 PM

In blazor server app with authorization, after scaffold identity into an MVC project with authorization, user can’t logout from blazor ( LoginDisplay.razor ). When user click on logout button in LoginDisplay.razor, it makes bad request

Request URL:https://localhost:5001/Identity/Account/LogOut Request Method:POST Remote Address:127.0.0.1:5001 Status Code:400 ( Bad Request) Version:HTTP/2.0

after this bad POST request :

  • no redirection to another page
  • user stil logged in
  • blazor disconected
  • complete white document is rendered.

Using this documentation. https://docs.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-2.2&tabs=netcore-cli#scaffold-identity-into-an-mvc-project-with-authorization

To Reproduce

  1. dotnet new blazorserver --auth Individual
  2. create new user for testing ( user@user.com / Pass12345! )
  3. login and logout and it’s working
  4. install if not already ( dotnet tool install --global dotnet-aspnet-codegenerator --version 3.1.0 )
  5. add package to project | dotnet add package Microsoft.VisualStudio.Web.CodeGeneration.Design --version 3.1.0
  6. add package to project | dotnet add package Microsoft.EntityFrameworkCore.SqlServer --version 3.1.0
  7. do a scaffold | dotnet aspnet-codegenerator identity -dc BlazorScaffoldedIdentity.Data.ApplicationDbContext --force
  8. logout from blazor - not working
  9. using instructions from ScaffoldingReadMe.txt
  10. logout from blazor - not working

NOTE:

  1. if user go to https://localhost:5001/Identity/Account/Manage , then from _MangeNav.cshtml can succesfuly LogOut from app.

WORKAROUND NUMBER 1:

  1. Add [IgnoreAntiforgeryToken] in “LogOut.cshtml.cs” file

WORKAROUND NUMBER 2:

  1. delete files in areas/pages/account “LogOut.cshtml” and “LogOut.cshtml.cs”, and create new file that is like the one before scaffold ( “LogOut.cshtml” )
  2. if not using --force , then Building project …Build Failed. ( but possibly to specify every file except “LogOut.cshtml” , --files “Account.Register;Account.Login” )
  @page
  @using Microsoft.AspNetCore.Identity
  @attribute [IgnoreAntiforgeryToken]
  @inject SignInManager<IdentityUser> SignInManager
  @functions {
      public async Task<IActionResult> OnPost()
      {
          if (SignInManager.IsSignedIn(User)){await SignInManager.SignOutAsync();}
          return Redirect("~/");
      }
  }

REPOS

and the orginal version with wrong behaviour https://github.com/sikira/BlazorScaffoldedIdentity/tree/withbug

repo with sample project with workaround https://github.com/sikira/BlazorScaffoldedIdentity/tree/master

SIDE NOTES:
  1. This behaviour happend in version 3.0.100 and in 3.1.0, but in .Net Core 3.0.100 this is writen in console: info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1] Executed endpoint ‘/_blazor’ Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint ‘/_blazor’ info: Microsoft.AspNetCore.Hosting.Diagnostics[2] Request finished in 21743.366ms 101 Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 21743.366ms 101 info: Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter[1] Antiforgery token validation failed. The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter: Information: Antiforgery token validation failed. The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery request token was not provided in either form field “__RequestVerificationToken” or header value “RequestVerificationToken”. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[3] Authorization failed for the request at filter ‘Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter’. Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Authorization failed for the request at filter ‘Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter’. info: Microsoft.AspNetCore.Mvc.StatusCodeResult[1] Executing HttpStatusCodeResult, setting HTTP status code 400 Microsoft.AspNetCore.Mvc.StatusCodeResult: Information: Executing HttpStatusCodeResult, setting HTTP status code 400 info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[4]

Further technical details

  • ASP.NET Core version 3.1.100

.NET Core SDK (reflecting any global.json): Version: 3.1.100 Commit: cd82f021f4

Runtime Environment: OS Name: Windows OS Version: 10.0.17763 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\3.1.100\

Host (useful for support): Version: 3.1.0 Commit: 65f04fb6db

.NET Core SDKs installed: 3.0.100 [C:\Program Files\dotnet\sdk] 3.1.100 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed: Microsoft.AspNetCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

  • VS Code 1.40.2

[blazor]
[identity] [scaffold] [logout]

Copied from original issue: dotnet/aspnetcore#17839

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:1
  • Comments:24 (19 by maintainers)

github_iconTop GitHub Comments

3reactions
deepchoudherycommented, Mar 23, 2020

Fixed in VS as it ended not being a aspnet/scaffolding issue. Should be working in VS 16.6 Preview 3 and onwards.

2reactions
sikiracommented, May 19, 2020

@danroth27 I have an existing BSSA (blazor server-side app) with facebook external login. I scaffolded everything and indeed I can’t log out anymore. I can only logout if I click on “Log out” from the Manage section in Identity.

after reading this I have deleted the LogOut.cshtml page which was scaffolded, but still logout doesn’t work.

How can I make it work?

should I try workaround #1 or #2 from dotnet/aspnetcore#17839 ?

I would recommend workaround 1. In that case you don’t need to delete anything, just add [IgnoreAntiforgeryToken] in “LogOut.cshtml.cs” file

Read more comments on GitHub >

github_iconTop Results From Across the Web

Blazor server app with authorization, after scaffold identity - ...
In blazor server app with authorization, after scaffold identity into an MVC project with authorization, user can't logout from blazor ( ...
Read more >
Scaffold Identity fails in .Net5 Blazor Server
I've tried with a new Blazor Server project and it works with: Specify at least one override (I've selected Login, Logout and Registration) ......
Read more >
Asp.Net Core Blazor Logout does not work (redirecting to ...
I'm facing a issue, that the user cannot log out, because the logout does get redirected to a path that's non existend. I've...
Read more >
Blazor Server and the Logout Problem
Explore the logout issues with Blazor Server applications and learn ... After authentication, you should see a page with the user details ...
Read more >
there's a bug where the logout link stops working if you ...
Fair warning - there's a bug where the logout link stops working if you create a project in VS with authentication built-in and...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found