Example AJAX call back to an ASP.NET Core Razor Page

by

Razor Pages automatically generates and validates Antiforgery tokens to prevent CSRF attacks. Since you aren’t sending any token within your AJAX callback, the request fails.

To solve this problem you will have to:

  1. Register the Antiforgery-Service
  2. Add the token to your request
  3. Add the antiforgery token to your page either by adding a <form> or by directly using the @Html.AntiForgeryToken HtmlHelper

1. Register the Antiforgery-Service in your Startup.cs

public void ConfigureServices(IServiceCollection services)
{
  services.AddRazorPages();
  services.AddAntiforgery(o => o.HeaderName = "XSRF-TOKEN");
}

2. Modify your AJAX callback

In the AJAX callback we add additional code to send the XSRF-TOKEN with our request header.

$.ajax({
    type: "POST",
    url: '/?handler=YOUR_CUSTOM_HANDLER', // Replace YOUR_CUSTOM_HANDLER with your handler.
    contentType: "application/json; charset=utf-8",

    beforeSend: function (xhr) {
      xhr.setRequestHeader("XSRF-TOKEN",
        $('input:hidden[name="__RequestVerificationToken"]').val());
    },

    dataType: "json"
}).done(function (data) {
  console.log(data.result);
})

3. Add the antiforgery token to your page

You can accomplish this by adding a <form>:

<form method="post">
    <input type="button" value="Ajax test" class="btn btn-default" onclick="ajaxTest();" />
</form>

or by using the @Html.AntiForgeryToken:

@Html.AntiForgeryToken()
<input type="button" value="Ajax test" class="btn btn-default" onclick="ajaxTest();" />

In both cases Razor Pages will automatically add a hidden input field which contains the antiforgery token once the page is loaded:

<input name="__RequestVerificationToken" type="hidden" value="THE_TOKEN_VALUE" />

More Related Contents:

  1. How to get Windows Explorer type look and feel inside my Application? [closed]
  2. System.IndexOutOfRangeException: Cannot find table 0
  3. 10% margin on popup
  4. How to Convert JSON object to Custom C# object?
  5. Use multiple JWT Bearer Authentication
  6. How to implement real time data for a web page
  7. Posting JSON Data to ASP.NET MVC
  8. Complex type is getting null in a ApiController parameter
  9. C# WebBrowser control — Get Document Elements After AJAX?
  10. Passing array of strings to webmethod with variable number of arguments using jQuery AJAX
  11. Can Razor Class Library pack static files (js, css etc) too?
  12. MVC 4 Edit modal form using Bootstrap
  13. Cascade deleting with EF Core
  14. Is there a standard way to encode a .NET string into JavaScript string for use in MS Ajax?
  15. Download feature not working within update panel in asp.net
  16. C# httpwebrequest and javascript
  17. How to upload files using ajax to asp.net mvc controller action
  18. Run a background task from a controller action in ASP.NET Core
  19. No authenticationScheme was specified, and there was no DefaultChallengeScheme found with default authentification and custom authorization
  20. .Net Core 3.0 JsonSerializer populate existing object
  21. The provider for the source IQueryable doesn’t implement IAsyncQueryProvider
  22. ASP.NET Core Identity 2.0 SignoutAsync is not logging out user if the user signed in with Google
  23. Identity UI no longer works after switching to .net core 3 endpoint routing
  24. Identity in ASP.Net Core 2.1< - Customize AccountController
  25. What is the difference between UseStaticFiles, UseSpaStaticFiles, and UseSpa in ASP.NET Core 2.1?
  26. ajax “loading” icon with UpdatePanel postbacks
  27. how can i get the same page with the click of back button of browser
  28. ‘HttpPostedFileBase’ in Asp.Net Core 2.0
  29. Sharing Cookies Between Two ASP.NET Core Applications
  30. Web API complex parameter properties are all null

Leave a Comment