
[Antiforgery] Antiforgery middleware executes too early on the pipeline #50818

@javiercn


The Antiforgery middleware executes before the Authentication middleware when wired up implicitly.

#50760
#50612

The issue here is that the antiforgery middleware executes too early on the pipeline when wired up implicitly. As a result, if the user is authenticated, the request token emitted for that user contains a hash of the claims.

Since no user is authenticated yet at the time the middleware is executed, the claimsuuid that the middleware computes is null, which causes a token mismatch error.

When the middleware is explicitly wired up on the pipeline, everything works as expected.

Antiforgery.mp4


Labels

- area-hosting: Includes Hosting
- bug: This issue describes a behavior which is not expected - a bug.
