AspNetCore Antiforgery and Fiddler












0















Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



enter image description here



My Create User page:



@page

@model WebAppTry3.Pages.CreateUserModel

@{

    ViewData["Title"] = "CreateUser";

    Layout = "_layout";

}



<h2>CreateUser</h2>



<form method="post">

    <input asp-for="Name" />

    <input type="submit" value="SKicka" />

</form>


This is how my form looks when displayed as HTML:



<form method="post">

    <input type="text" id="Name" name="Name" value="" />

    <input type="submit" value="SKicka" />

    <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />

</form>


My Razor Page model:



public class CreateUserModel : PageModel

    {

        [BindProperty]

        public string Name { get; set; }



        public string Message = "Hm";



        public void OnGet()

        {            

        }



        public void OnPost()

        {            

            var name = Name;                        

            Message = "Inside the OnPOST";            

        }

    }


I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



User-Agent: Fiddler

Host: localhost:4138

Content-Length: 0

Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>

Request-body

Name: dddd

AntiforgeryFieldname: <long key>


enter image description here



EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.






asp.net-core-2.0 fiddler antiforgerytoken







share|improve this question





























    0















    Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
    I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



    enter image description here



    My Create User page:



    @page
    
@model WebAppTry3.Pages.CreateUserModel
    
@{
    
    ViewData["Title"] = "CreateUser";
    
    Layout = "_layout";
    
}
    

    
<h2>CreateUser</h2>
    

    
<form method="post">
    
    <input asp-for="Name" />
    
    <input type="submit" value="SKicka" />
    
</form>


    This is how my form looks when displayed as HTML:



    <form method="post">
    
    <input type="text" id="Name" name="Name" value="" />
    
    <input type="submit" value="SKicka" />
    
    <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
    
</form>


    My Razor Page model:



    public class CreateUserModel : PageModel
    
    {
    
        [BindProperty]
    
        public string Name { get; set; }
    

    
        public string Message = "Hm";
    

    
        public void OnGet()
    
        {            
    
        }
    

    
        public void OnPost()
    
        {            
    
            var name = Name;                        
    
            Message = "Inside the OnPOST";            
    
        }
    
    }


    I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



    User-Agent: Fiddler
    
Host: localhost:4138
    
Content-Length: 0
    
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
    
Request-body
    
Name: dddd
    
AntiforgeryFieldname: <long key>


    enter image description here



    EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.






    asp.net-core-2.0 fiddler antiforgerytoken







    share|improve this question



























      0












      0








      0


      0






      Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
      I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



      enter image description here



      My Create User page:



      @page
      
@model WebAppTry3.Pages.CreateUserModel
      
@{
      
    ViewData["Title"] = "CreateUser";
      
    Layout = "_layout";
      
}
      

      
<h2>CreateUser</h2>
      

      
<form method="post">
      
    <input asp-for="Name" />
      
    <input type="submit" value="SKicka" />
      
</form>


      This is how my form looks when displayed as HTML:



      <form method="post">
      
    <input type="text" id="Name" name="Name" value="" />
      
    <input type="submit" value="SKicka" />
      
    <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
      
</form>


      My Razor Page model:



      public class CreateUserModel : PageModel
      
    {
      
        [BindProperty]
      
        public string Name { get; set; }
      

      
        public string Message = "Hm";
      

      
        public void OnGet()
      
        {            
      
        }
      

      
        public void OnPost()
      
        {            
      
            var name = Name;                        
      
            Message = "Inside the OnPOST";            
      
        }
      
    }


      I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



      User-Agent: Fiddler
      
Host: localhost:4138
      
Content-Length: 0
      
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
      
Request-body
      
Name: dddd
      
AntiforgeryFieldname: <long key>


      enter image description here



      EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.






      asp.net-core-2.0 fiddler antiforgerytoken







      share|improve this question
















      Which anti-forgery keys is required to make post calls with programs like Postman or Fiddler? It seems like I have both a cookie and also a hidden form-data variable. Which should I use, and how do the anti-forgery checks work?
      I am using a simple web application (ASP Core 2.2.) that saves the user claims as a cookie.



      enter image description here



      My Create User page:



      @page
      
@model WebAppTry3.Pages.CreateUserModel
      
@{
      
    ViewData["Title"] = "CreateUser";
      
    Layout = "_layout";
      
}
      

      
<h2>CreateUser</h2>
      

      
<form method="post">
      
    <input asp-for="Name" />
      
    <input type="submit" value="SKicka" />
      
</form>


      This is how my form looks when displayed as HTML:



      <form method="post">
      
    <input type="text" id="Name" name="Name" value="" />
      
    <input type="submit" value="SKicka" />
      
    <input name="AntiforgeryFieldname" type="hidden" value="<alot of characters...>" />
      
</form>


      My Razor Page model:



      public class CreateUserModel : PageModel
      
    {
      
        [BindProperty]
      
        public string Name { get; set; }
      

      
        public string Message = "Hm";
      

      
        public void OnGet()
      
        {            
      
        }
      

      
        public void OnPost()
      
        {            
      
            var name = Name;                        
      
            Message = "Inside the OnPOST";            
      
        }
      
    }


      I tried to make a POST request with Fiddler with this input data, but I still get a status code 400. I copied the cookie from chrome when I ran the web application.



      User-Agent: Fiddler
      
Host: localhost:4138
      
Content-Length: 0
      
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=<cookie value>
      
Request-body
      
Name: dddd
      
AntiforgeryFieldname: <long key>


      enter image description here



      EDIT : The purpose of the question is to understand which keys I need to get, to make a POST request in my Integration Tests.






      asp.net-core-2.0 fiddler antiforgerytoken




      asp.net-core-2.0 fiddler antiforgerytoken






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 20 at 15:19









      Hp_issei

      42038




      42038










      asked Jan 20 at 14:14









      Olof84Olof84

      117114




      117114
























          1 Answer
          1






          active

          oldest

          votes


















          0














          After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



          Headers



          User-Agent: Fiddler
          

          
Host: localhost:4138
          

          
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk
          

          
Content-Length: 192
          

          
Content-Type: application/x-www-form-urlencoded


          Request-body



          Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM





          share|improve this answer

























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54277323%2faspnetcore-antiforgery-and-fiddler%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



            Headers



            User-Agent: Fiddler
            

            
Host: localhost:4138
            

            
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk
            

            
Content-Length: 192
            

            
Content-Type: application/x-www-form-urlencoded


            Request-body



            Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM





            share|improve this answer






























              0














              After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



              Headers



              User-Agent: Fiddler
              

              
Host: localhost:4138
              

              
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk
              

              
Content-Length: 192
              

              
Content-Type: application/x-www-form-urlencoded


              Request-body



              Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM





              share|improve this answer




























                0












                0








                0







                After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



                Headers



                User-Agent: Fiddler
                

                
Host: localhost:4138
                

                
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk
                

                
Content-Length: 192
                

                
Content-Type: application/x-www-form-urlencoded


                Request-body



                Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM





                share|improve this answer















                After a couple of tries with Fiddle I finally managed to make a POST-request that responded with status code 200. These are the input data I used (I copied it from a get request).



                Headers



                User-Agent: Fiddler
                

                
Host: localhost:4138
                

                
Cookie: .AspNetCore.Antiforgery.Outs1Mq9yYA=CfDJ8Ig7LmCVzbFNldSD5Hjy-zm1fb4NILdlKScOD-N5H1EUwD98_nGsCRyWuX0lP82G0nj2tEyaGanTFgIvI9Msv27DNVBh08xFqRjfnB27Fmd0MyXlpW6RH2fX86CXsXZ0lLiUqqNzWcIbQuFgZUt7kQk
                

                
Content-Length: 192
                

                
Content-Type: application/x-www-form-urlencoded


                Request-body



                Name=dddd&__RequestVerificationToken=CfDJ8Ig7LmCVzbFNldSD5Hjy-zko3GB6hZztnIO6UPtkgxZMzPmWQbJft4mxROfI4y-V2yqQ3W9-xAn2kbgY2t9f4M8hkzzwfl7HiDOkRNFdji-pjtgkOhP_wXFJok4J04A5tO7ms_57FT8sqb91qM11-IM






                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Jan 20 at 17:23

























                answered Jan 20 at 16:41









                Olof84Olof84

                117114




                117114
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54277323%2faspnetcore-antiforgery-and-fiddler%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Homophylophilia

                    Image
                    Haec pagina ad tempus protecta est ob maleficia perpetua. Quaesemus, emendationes suggere in pagina disputationis vel magistratum ad hanc deprotegendam pete. Homophylophilia Hyacinthus complexus ab amante suo Apolline, in pictura Mors Hyacinthi quam Jean Broc pinxit. Homophylophilia est sui sexus vel generis amor vel mores romantici vel sexuales, res venerea masculina in masculos, aut mulier in mulieres appetentes. Hoc ingenium sexuale est "exemplar permanens vel inclinatio ad experiendam sexualem, adfectionalem, vel romanticam vim attrahendi," praecipue vel solum ex hominibus eiusdem sexús; notio "etiam ad hominis iudicium identitatis privatae socialisque in illis attractionibus conditum refert, in moribus quoque qui illos exprimant, et in societate communitatis aliorum qui illos communicent." [1] [2] Per aevos alii aliter rem definiverunt, sed Occidentali nostrae aetatis cultu civili non tantum ad ipsa acta erotica spectat, sed etiam igitur
                    Read more

                    Updating UILabel text programmatically using a function

                    Image
                    0 so I am trying to update the UIlabel text using a func. I have seen few other questions like mine and I tried their method but it doesn't work. fun returns no value when used in the UIlabel. I have shown my code below.It has to be noted that when I use the function in viewdidload I can retrieve the data. lazy var name: UILabel = { let lb = UILabel() lb.text? = getthename() lb.lineBreakMode = NSLineBreakMode.byWordWrapping lb.textColor = .mainGreen lb.textAlignment = .left lb.font = UIFont.boldSystemFont(ofSize:12.0) return lb }() func getthename() -> String { var wins : String = "" let ud = (Auth.auth().currentUser?.uid) self.ref = Database.database().reference() self.ref.child("Users").child(ud!).observeSingleEvent(of: .value, with: {(snapshot) in
                    Read more

                    Cloud Functions - OpenCV Videocapture Read method fails for larger files from cloud storage

                    Image
                    0 I created a cloud function to read a video file from cloud storage and read frames and create an image for each frame. This function works for small files which is 1-2 MB, However, this method fails while reading larger file 130 MB. import cv2 from google.cloud import storage vidcap = cv2.VideoCapture("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") if vidcap.isOpened(): vidcap.open("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") success,image = vidcap.read() print(success) Expected the print will return true and an image will hold an image of a first frame. python-3.x function opencv cloud share | improve this question
                    Read more