Closed
Labels
area-hosting (Includes Hosting), bug (This issue describes a behavior which is not expected - a bug.)
Description
The Antiforgery middleware executes before the Authentication middleware when wired up implicitly.
The issue here is that the antiforgery middleware executes too early in the pipeline when wired up implicitly. As a result, if the user is authenticated, the request token emitted for that user contains a hash of the claims.
As no user is authenticated yet at the time the middleware is executed, the claimsuuid that the middleware computes is null, which causes a token mismatch error.
When the middleware is explicitly wired up on the pipeline, everything works as expected.
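The explicit wiring that the description reports as working, shown as an added example that is not part of the issue or the project's own code. It assumes a .NET 8 minimal-hosting app; the cookie scheme and the `/token` and `/profile` endpoints are hypothetical and chosen only for illustration.

```csharp
// Added example: explicit middleware ordering so antiforgery validation
// sees the authenticated user. Endpoints and auth scheme are assumptions.
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();
builder.Services.AddAuthorization();
builder.Services.AddAntiforgery();

var app = builder.Build();

// Order matters: authentication must populate HttpContext.User first,
// because the request token issued to a signed-in user is bound to that
// user's claims. If validation runs while the user is still anonymous,
// the claims-derived value cannot match the one stored in the token.
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();

// Hypothetical endpoint: issues a token pair for the current user.
app.MapGet("/token", (HttpContext ctx, IAntiforgery antiforgery) =>
{
    var tokens = antiforgery.GetAndStoreTokens(ctx);
    return Results.Ok(new
    {
        field = tokens.FormFieldName,
        token = tokens.RequestToken
    });
}).RequireAuthorization();

// Hypothetical form endpoint: binding with [FromForm] makes the endpoint
// require a valid antiforgery token, checked by the middleware above.
app.MapPost("/profile", ([FromForm] string displayName, HttpContext ctx) =>
        Results.Ok(new { displayName, user = ctx.User.Identity?.Name }))
    .RequireAuthorization();

app.Run();
```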