Bad request - Anti Foreign Token on Login

[AmadorSV]

Hello,

After fixing the problem with the redirects urls, now I'm getting another issue, when I do the login with the default credentials I'm getting a bad request, after checking the log its says something related to anti foreign token, any idea?

Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[102]
Oct 04 16:23:21 auth-server run.sh[45152]: Route matched with {area = "pwd", action = "Index", controller = "Authenticate"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(System.String, SimpleIdServer.IdServer.UI.ViewModels.AuthenticatePasswordViewModel, System.Threading.CancellationToken) on controller SimpleIdServer.IdServer.UI.AuthenticateController (SimpleIdServer.IdServer).
Oct 04 16:23:21 auth-server run.sh[45152]: info: Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter[1]
Oct 04 16:23:21 auth-server run.sh[45152]: Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.XttH9rXme_Q" is not present.
Oct 04 16:23:21 auth-server run.sh[45152]: Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.XttH9rXme_Q" is not present.
Oct 04 16:23:21 auth-server run.sh[45152]: at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
Oct 04 16:23:21 auth-server run.sh[45152]: at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
Oct 04 16:23:21 auth-server run.sh[45152]: info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
Oct 04 16:23:21 auth-server run.sh[45152]: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter'.
Oct 04 16:23:21 auth-server run.sh[45152]: info: Microsoft.AspNetCore.Mvc.StatusCodeResult[1]
Oct 04 16:23:21 auth-server run.sh[45152]: Executing StatusCodeResult, setting HTTP status code 400
Oct 04 16:23:21 auth-server run.sh[45152]: info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[105]

[simpleidserver]

Hello,

I have reproduced your issue on a virtual machine. The cookie .AspNetCore.Antiforgery cannot be read by the Identity Server because it has a Secure parameter. This cookie is generated by ASP.NET Core, and its options cannot be overridden in the appsettings.json file.

Could you please host your website under HTTPS and try again?

To make it work, please follow these steps:

1. Edit the file run.sh and update the query like this:

eval "./$EXECUTABLE --urls=https://*:5001";

2. Navigate to the Server directory.
3. Edit the appsettings.json file and replace the Authority property with https://ipserver:5001.

Try running the website again.

The documentation will be updated later to explain the different strategies for hosting a website on a standalone LINUX server (Ticket #593: #593).

KR,

SID