Open
Description
openedon Dec 1, 2023
Description
The following doesn't seem to work:
public void ConfigureServices(IServiceCollection services)
{
services.AddAntiforgery(opt =>
{
...
});
services.AddIdentityApiEndpoints<User>(opt => opt.SignIn.RequireConfirmedAccount = true)
.AddRoles<Role>()
.AddEntityFrameworkStores<AppDb>();
services.Configure<IdentityOptions>();
...
}
public void Configure(IApplicationBuilder app)
{
...
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();
app.UseEndpoints(endpoints =>
{
endpoints.MapGroup("/api/user")
.MapIdentityApi<User>()
.WithMetadata(new RequireAntiforgeryTokenAttribute());
endpoints.MapControllers().WithMetadata(new RequireAntiforgeryTokenAttribute());
});
}
For other endpoints it works as expected (throws an error when tokens are missing), but Identity API endpoints are not validating antiforgery tokens.
Page URL
Content source URL
Document ID
137d4b94-7b26-3911-b22d-42c754a95fc1
Article author
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment