AspNetCore Antiforgery and Fiddler












0















Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



enter image description here



My Create User page:



@page
@model WebAppTry3.Pages.CreateUserModel
@{
ViewData["Title"] = "CreateUser";
Layout = "_layout";
}

<h2>CreateUser</h2>

<form method="post">
<input asp-for="Name" />
<input type="submit" value="SKicka" />
</form>


This is how my form looks when displayed as HTML:



<form method="post">
<input type="text" id="Name" name="Name" value="" />
<input type="submit" value="SKicka" />
<input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
</form>


My Razor Page model:



public class CreateUserModel : PageModel
{
[BindProperty]
public string Name { get; set; }

public string Message = "Hm";

public void OnGet()
{
}

public void OnPost()
{
var name = Name;
Message = "Inside the OnPOST";
}
}


I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



User-Agent: Fiddler
Host: localhost:4138
Content-Length: 0
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
Request-body
Name: dddd
AntiforgeryFieldname: <long key>


enter image description here



EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.










share|improve this question





























    0















    Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
    I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



    enter image description here



    My Create User page:



    @page
    @model WebAppTry3.Pages.CreateUserModel
    @{
    ViewData["Title"] = "CreateUser";
    Layout = "_layout";
    }

    <h2>CreateUser</h2>

    <form method="post">
    <input asp-for="Name" />
    <input type="submit" value="SKicka" />
    </form>


    This is how my form looks when displayed as HTML:



    <form method="post">
    <input type="text" id="Name" name="Name" value="" />
    <input type="submit" value="SKicka" />
    <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
    </form>


    My Razor Page model:



    public class CreateUserModel : PageModel
    {
    [BindProperty]
    public string Name { get; set; }

    public string Message = "Hm";

    public void OnGet()
    {
    }

    public void OnPost()
    {
    var name = Name;
    Message = "Inside the OnPOST";
    }
    }


    I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



    User-Agent: Fiddler
    Host: localhost:4138
    Content-Length: 0
    Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
    Request-body
    Name: dddd
    AntiforgeryFieldname: <long key>


    enter image description here



    EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.










    share|improve this question



























      0












      0








      0


      0






      Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
      I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



      enter image description here



      My Create User page:



      @page
      @model WebAppTry3.Pages.CreateUserModel
      @{
      ViewData["Title"] = "CreateUser";
      Layout = "_layout";
      }

      <h2>CreateUser</h2>

      <form method="post">
      <input asp-for="Name" />
      <input type="submit" value="SKicka" />
      </form>


      This is how my form looks when displayed as HTML:



      <form method="post">
      <input type="text" id="Name" name="Name" value="" />
      <input type="submit" value="SKicka" />
      <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
      </form>


      My Razor Page model:



      public class CreateUserModel : PageModel
      {
      [BindProperty]
      public string Name { get; set; }

      public string Message = "Hm";

      public void OnGet()
      {
      }

      public void OnPost()
      {
      var name = Name;
      Message = "Inside the OnPOST";
      }
      }


      I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



      User-Agent: Fiddler
      Host: localhost:4138
      Content-Length: 0
      Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
      Request-body
      Name: dddd
      AntiforgeryFieldname: <long key>


      enter image description here



      EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.










      share|improve this question
















      Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
      I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



      enter image description here



      My Create User page:



      @page
      @model WebAppTry3.Pages.CreateUserModel
      @{
      ViewData["Title"] = "CreateUser";
      Layout = "_layout";
      }

      <h2>CreateUser</h2>

      <form method="post">
      <input asp-for="Name" />
      <input type="submit" value="SKicka" />
      </form>


      This is how my form looks when displayed as HTML:



      <form method="post">
      <input type="text" id="Name" name="Name" value="" />
      <input type="submit" value="SKicka" />
      <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
      </form>


      My Razor Page model:



      public class CreateUserModel : PageModel
      {
      [BindProperty]
      public string Name { get; set; }

      public string Message = "Hm";

      public void OnGet()
      {
      }

      public void OnPost()
      {
      var name = Name;
      Message = "Inside the OnPOST";
      }
      }


      I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



      User-Agent: Fiddler
      Host: localhost:4138
      Content-Length: 0
      Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
      Request-body
      Name: dddd
      AntiforgeryFieldname: <long key>


      enter image description here



      EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.







      asp.net-core-2.0 fiddler antiforgerytoken






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 20 at 15:19









      Hp_issei

      42038




      42038










      asked Jan 20 at 14:14









      Olof84Olof84

      117114




      117114
























          1 Answer
          1






          active

          oldest

          votes


















          0














          After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



          Headers



          User-Agent: Fiddler

          Host: localhost:4138

          Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk

          Content-Length: 192

          Content-Type: application/x-www-form-urlencoded


          Request-body



          Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM 





          share|improve this answer

























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54277323%2faspnetcore-antiforgery-and-fiddler%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



            Headers



            User-Agent: Fiddler

            Host: localhost:4138

            Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk

            Content-Length: 192

            Content-Type: application/x-www-form-urlencoded


            Request-body



            Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM 





            share|improve this answer






























              0














              After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



              Headers



              User-Agent: Fiddler

              Host: localhost:4138

              Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk

              Content-Length: 192

              Content-Type: application/x-www-form-urlencoded


              Request-body



              Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM 





              share|improve this answer




























                0












                0








                0







                After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



                Headers



                User-Agent: Fiddler

                Host: localhost:4138

                Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk

                Content-Length: 192

                Content-Type: application/x-www-form-urlencoded


                Request-body



                Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM 





                share|improve this answer















                After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



                Headers



                User-Agent: Fiddler

                Host: localhost:4138

                Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk

                Content-Length: 192

                Content-Type: application/x-www-form-urlencoded


                Request-body



                Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM 






                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Jan 20 at 17:23

























                answered Jan 20 at 16:41









                Olof84Olof84

                117114




                117114
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54277323%2faspnetcore-antiforgery-and-fiddler%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    How fix org.hibernate.TransientPropertyValueException

                    Updating UILabel text programmatically using a function

                    Cloud Functions - OpenCV Videocapture Read method fails for larger files from cloud storage