Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie “.AspNetCore.Antiforgery.lUBs-Ula_fY” is not present. at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) Microsoft.AspNetCore.Mvc.RazorPages.Internal.PageActionInvoker:Information: Authorization failed for the request at filter ‘Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.AutoValidateAntiforgeryTokenAuthorizationFilter’. Microsoft.AspNetCore.Mvc.StatusCodeResult:Information: Executing HttpStatusCodeResult, setting HTTP status code 400 Microsoft.AspNetCore.Mvc.RazorPages.Internal.PageActionInvoker:Information: Executed page /SAML/AssertionConsumerService in 89.0379ms Microsoft.AspNetCore.Routing.EndpointMiddleware:Information: Executed endpoint ‘Page: /SAML/AssertionConsumerService’ Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 140.6963ms 400
An antiforgery validation exception occurs if an HTML form with an antiforgery hidden form variable is received but the corresponding antiforgery cookie is not. This is configured through the @Html.AntiForgeryToken() directive in the HTML form.
SAML messages sent using the HTTP-Post binding are received as post data (ie equivalent to posting HTML form variables). However, the post shouldn’t include an antiforgery hidden form variable. Our SAML API doesn’t include antiforgery hidden form variables.
Can you reproduce the issue using the ExampleIdentityProvider and ExampleServiceProvider projects we ship?
Assuming you can’t, I suggest comparing these projects with your application.
If there’s still an issue, please zip up a simple project demonstrating the issue and email it to support@componentspace.com mentioning your forum post.
An antiforgery validation exception occurs if an HTML form with an antiforgery hidden form variable is received but the corresponding antiforgery cookie is not. This is configured through the @Html.AntiForgeryToken() directive in the HTML form.
SAML messages sent using the HTTP-Post binding are received as post data (ie equivalent to posting HTML form variables). However, the post shouldn't include an antiforgery hidden form variable. Our SAML API doesn't include antiforgery hidden form variables.
Can you reproduce the issue using the ExampleIdentityProvider and ExampleServiceProvider projects we ship?
Assuming you can't, I suggest comparing these projects with your application.
If there's still an issue, please zip up a simple project demonstrating the issue and email it to support@componentspace.com mentioning your forum post.
An antiforgery validation exception occurs if an HTML form with an antiforgery hidden form variable is received but the corresponding antiforgery cookie is not. This is configured through the @Html.AntiForgeryToken() directive in the HTML form.
SAML messages sent using the HTTP-Post binding are received as post data (ie equivalent to posting HTML form variables). However, the post shouldn't include an antiforgery hidden form variable. Our SAML API doesn't include antiforgery hidden form variables.
Can you reproduce the issue using the ExampleIdentityProvider and ExampleServiceProvider projects we ship?
Assuming you can't, I suggest comparing these projects with your application.
If there's still an issue, please zip up a simple project demonstrating the issue and email it to support@componentspace.com mentioning your forum post.
[/quote]
Hi Thanks for the response. I solved the problem by adding [IgnoreAntiforgeryToken (Order = 1001)]