AspNetCore Antiforgery and Fiddler












Which anti-forgery keys are required to make POST calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.






My Create User page:



    @page
    @model WebAppTry3.Pages.CreateUserModel
    @{
        ViewData["Title"] = "CreateUser";
        Layout = "_layout";
    }

    <h2>CreateUser</h2>

    <form method="post">
        <input asp-for="Name" />
        <input type="submit" value="SKicka" />
    </form>


This is how my form looks when displayed as HTML:



    <form method="post">
        <input type="text" id="Name" name="Name" value="" />
        <input type="submit" value="SKicka" />
        <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
    </form>


My Razor Page model:



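    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.RazorPages;

    public class CreateUserModel : PageModel
    {
        // Bound from the posted "Name" form field.
        [BindProperty]
        public string Name { get; set; }

        public string Message = "Hm";

        public void OnGet()
        {
        }

        public void OnPost()
        {
            var name = Name;
            Message = "Inside the OnPOST";
        }
    }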


I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from Chrome when I ran the web application.



    User-Agent: Fiddler
    Host: localhost:4138
    Content-Length: 0
    Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
    Request-body
    Name: dddd
    AntiforgeryFieldname: <long key>





EDIT: The purpose of the question is to understand which keys I need to get to make a POST request in my integration tests.










Tags: asp.net-core-2.0, fiddler, antiforgerytoken






asked Jan 20 at 14:14 by Olof84
edited Jan 20 at 15:19 by Hp_issei
























          1 Answer
After a couple of tries with Fiddler I finally managed to make a POST request that responded with status code 200. These are the input data I used (I copied it from a GET request).

Headers

    User-Agent: Fiddler
    Host: localhost:4138
    Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk
    Content-Length: 192
    Content-Type: application/x-www-form-urlencoded

Request-body

    Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM





answered Jan 20 at 16:41 by Olof84
edited Jan 20 at 17:23
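The exchange in the answer above, scripted for an integration test; this is an added example, not code from the original question or answer. It reads the cookie token and the hidden form token from one GET response and returns them together in a form-encoded POST, with a second call that leaves the form token out to confirm the check is enforced. The class and method names are hypothetical, and the `/CreateUser` route and `http://localhost:4138` address are assumptions based on the post.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

// Added example, not code from the post. Class and method names are hypothetical.
public static class AntiforgeryPostCheck
{
    // Assumptions: host and port as in the post; "/CreateUser" is the assumed page route.
    private static readonly Uri BaseAddress = new Uri("http://localhost:4138");
    private const string PagePath = "/CreateUser";

    // Matches the hidden input as rendered in the question, whatever its field name is.
    private static readonly Regex HiddenField = new Regex(
        "<input name=\"(?<name>[^\"]+)\" type=\"hidden\" value=\"(?<value>[^\"]+)\"");

    public static async Task<HttpStatusCode> SubmitAsync(string name, bool includeToken)
    {
        // The container keeps the .AspNetCore.Antiforgery.* cookie set by the GET and
        // returns it on the POST, so the cookie half of the pair is never copied by hand.
        var handler = new HttpClientHandler { CookieContainer = new CookieContainer() };
        using (var client = new HttpClient(handler) { BaseAddress = BaseAddress })
        {
            string html = await client.GetStringAsync(PagePath);
            Match field = HiddenField.Match(html);
            if (!field.Success)
                throw new InvalidOperationException("No hidden antiforgery field found.");

            var fields = new Dictionary<string, string> { ["Name"] = name };
            if (includeToken)
            {
                // The form half of the pair, taken from the same GET response as the cookie.
                fields[field.Groups["name"].Value] =
                    WebUtility.HtmlDecode(field.Groups["value"].Value);
            }

            // FormUrlEncodedContent URL-encodes the body and sets Content-Type and
            // Content-Length, the headers the working request in the answer carries.
            using (var response = await client.PostAsync(PagePath, new FormUrlEncodedContent(fields)))
                return response.StatusCode;
        }
    }

    public static async Task Main()
    {
        Console.WriteLine(await SubmitAsync("dddd", includeToken: true));
        // Second call omits the form token to confirm the server rejects the request.
        Console.WriteLine(await SubmitAsync("dddd", includeToken: false));
    }
}
```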































