Skip to content

[Antiforgery] Antiforgery middleware executes too early on the pipeline #50818

New issue
New issue
Closed
Closed
[Antiforgery] Antiforgery middleware executes too early on the pipeline#50818
Assignees
captainsafia
Labels
area-hostingIncludes HostingbugThis issue describes a behavior which is not expected - a bug.
Milestone
8.0-rc2
@javiercn

Description

@javiercn
javiercn
opened on Sep 19, 2023

The Antiforgery middleware executes before the Authentication middleware when wired up implicitly.

#50760
#50612

The issue here is that the antiforgery middleware executes too early on the pipeline when wired up implicitly, as a result, if the user is authenticated, the request token emited for that user contains a hash of the claims.

As at the time the middleware is executed, no user is authenticated yet, the claimsuuid that the middleware computes is null, which causes a token mismatch error.

When the middleware is explicitly wired up on the pipeline, everything works as expected.

Antiforgery.mp4

Metadata

Metadata

Assignees

Labels

area-hostingIncludes HostingbugThis issue describes a behavior which is not expected - a bug.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions