Skip to content
/ asp-net-core-dashboard-antiforgery Public

How to apply antiforgery request validation to the ASP.NET Core Dashboard control.

License

View license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DevExpress-Examples/asp-net-core-dashboard-antiforgery

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
.github/workflows
.github/workflows
 
 
CS
CS
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
config.json
config.json
 
 
readme.md
readme.md
 
 

Repository files navigation

BI Dashboard for ASP.NET Core - How to Prevent Cross-Site Request Forgery (CSRF) Attacks

The following example applies antiforgery request validation to the DevExpress ASP.NET Core Dashboard control.

Example Overview

Follow the steps below to apply antiforgery request validation.

Configure a custom dashboard controller

  1. Create a custom dashboard controller. If you already have a custom controller, you can skip this step.
namespace AspNetCoreDashboardPreventCrossSiteRequestForgery.Controllers {
    public class CustomDashboardController : DashboardController {
        public CustomDashboardController(CustomDashboardConfigurator configurator, IDataProtectionProvider dataProtectionProvider = null): base(configurator, dataProtectionProvider) { 
        }
    }    
}
  1. Change default routing to use the created controller.
app.UseEndpoints(endpoints => {
	endpoints.MapDashboardRoute("dashboardControl", "CustomDashboard");
	// ...
});
  1. Specify the controller name in the Web Dashboard settings.
@(Html.DevExpress().Dashboard("dashboardControl1")
     ...
    .ControllerName("CustomDashboard")
)

Add validation for AntiforgeryToken

  1. Add the Antiforgery service.
services.AddAntiforgery(options => {
	// Set Cookie properties using CookieBuilder properties†.
	options.FormFieldName = "X-CSRF-TOKEN";
	options.HeaderName = "X-CSRF-TOKEN";
	options.SuppressXFrameOptionsHeader = false;
});
  1. Add the AutoValidateAntiforgeryToken attribute to the custom controller.
[AutoValidateAntiforgeryToken]
public class CustomDashboardController : DashboardController {
	// ...
}
  1. Configure the Web Dashboard control's backend options.
@inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf
 
@(Html.DevExpress().Dashboard("dashboardControl1")
    ...
    .ControllerName("CustomDashboard")
    .BackendOptions(backendOptions => {
        backendOptions.RequestHttpHeaders(headers => {
            headers.Add("X-CSRF-TOKEN", Xsrf.GetAndStoreTokens(HttpContext).RequestToken);
        });
    })
)

Files to Review

Documentation

More Examples

Does this example address your development requirements/objectives?

(you will be redirected to DevExpress.com to submit your response)

About

How to apply antiforgery request validation to the ASP.NET Core Dashboard control.

Topics

business-intelligence csrf asp-net-core csrf-protection csrf-tokens web-dashboard csrf-attacks antiforgery dashboard-for-asp-net-core

Resources

Readme

License

View license
Activity
Custom properties

Stars

1 star

Watchers

54 watching

Forks

0 forks
Report repository

Contributors 6

Languages