Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

4 Comments

  1. Hello Mukesh,
    Thank you for all your .NET work on AWS. Not a lot of up to date tutorials on .NET and AWS unless from MS or AWS. I am trying to get this simple demo working but I am receiving a ‘antiforgery’ response error from the localhost. I googled around and tried a few things but nothing is getting me past this error. Do you have any ideas on how to fix it or why it is happening?
    Thanks.

    System.InvalidOperationException: Endpoint HTTP: POST upload contains anti-forgery metadata, but a middleware was not found that supports anti-forgery.
    Configure your application startup by adding app.UseAntiforgery() in the application startup code. If there are calls to app.UseRouting() and app.UseEndpoints(…), the call to app.UseAntiforgery() must go between them. Calls to app.UseAntiforgery() must be placed after calls to app.UseAuthentication() and app.UseAuthorization().
    at Microsoft.AspNetCore.Routing.EndpointMiddleware.ThrowMissingAntiforgeryMiddlewareException(Endpoint endpoint)
    at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
    at Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware.Invoke(HttpContext context)
    at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
    at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
    at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
    at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)

    HEADERS
    =======
    Accept: */*
    Host: localhost:7129
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryzAUEV69NvuOywFjq
    Origin: https://localhost:7129
    Referer: https://localhost:7129/swagger/index.html
    Content-Length: 11017
    sec-ch-ua: “Google Chrome”;v=”117″, “Not;A=Brand”;v=”8″, “Chromium”;v=”117″
    DNT: 1
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: “Windows”
    sec-fetch-site: same-origin
    sec-fetch-mode: cors
    sec-fetch-dest: empty

  2. Hi Mukesh,
    Thanks for your work on AWS & .NET technology tutorials. I am having a problem with the minimal API example and CSRF. I tried using this solution:
    https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-7.0#antiforgery-with-minimal-apis-1

    Can you help me out with some advice on how to get around this problem? Thanks.

    Error detail:
    System.InvalidOperationException: Endpoint HTTP: POST upload contains anti-forgery metadata, but a middleware was not found that supports anti-forgery.
    Configure your application startup by adding app.UseAntiforgery() in the application startup code. If there are calls to app.UseRouting() and app.UseEndpoints(…), the call to app.UseAntiforgery() must go between them. Calls to app.UseAntiforgery() must be placed after calls to app.UseAuthentication() and app.UseAuthorization().
    at Microsoft.AspNetCore.Routing.EndpointMiddleware.ThrowMissingAntiforgeryMiddlewareException(Endpoint endpoint)
    at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
    at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
    at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
    at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
    at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)

    HEADERS
    =======
    Accept: */*
    Host: localhost:7129
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Content-Type: multipart/form-data; boundary=—-WebKitFormBoundary2IEKUjAGinwjA7EJ
    Origin: https://localhost:7129
    Referer: https://localhost:7129/swagger/index.html
    Content-Length: 11017
    sec-ch-ua: “Google Chrome”;v=”117″, “Not;A=Brand”;v=”8″, “Chromium”;v=”117″
    DNT: 1
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: “Windows”
    sec-fetch-site: same-origin
    sec-fetch-mode: cors
    sec-fetch-dest: empty

    1. Hi there, I believe you are on .NET 8 preview+ SDK? If that is the case, Microsoft has made it mandatory to include anti-forgery tokens if your POST method accepts form data like, maybe IFormFile. You can either implement anti-forgery or completely disable it (if you think it is safe) by using .DisableAntiforgery() to your minimal api. Thanks!

      1. Thanks for the reply Mukesh. I would like to get the AntiForgery working with the minimal API .NET 8 preview but all the diff options I tried do not work. It’s difficult to debug as you just get back the status 500. I am thinking of doing the demo w/o the minimal API and trying that.