Skip to content
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

EnableHttpLogging causes anti forgery token verification error during partial log in. #871

Closed
kylesonaty opened this issue Feb 4, 2015 · 5 comments

Comments

@kylesonaty
Copy link

I have a partial log in where we migrate users accounts.

 [HttpPost]
 [ValidateAntiForgeryToken]
 public async Task<ActionResult> Index(UsernameToEmailInputModel model)

and the @Html.AntiForgeryToken() is in the view and inside the form.

If the logging options are setup in the IdentityServerOptions has HTTP logging enabled

LoggingOptions = new LoggingOptions { EnableHttpLogging = true }

I will receive a generic error stating that The required anti-forgery form field “__RequestVerificationToken” is not present Error in user Registration

If I remove the anti forgery token from the view and the controller I get
“This method or property is not supported after HttpRequest.GetBufferlessInputStream has been invoked.”

@brockallen
Copy link
Member

Mind checking something for me? Remove the [ValidateAntiForgeryToken] and see if you get any of your inputs in your MVC action method. I suspect you will not.

@brockallen
Copy link
Member

So BTW, I have feeling this is an issue between WebAPI and ASP.NET -- WebAPI is consuming the entire request buffer (for the logging) and then outside of Web API (meaning ASP.NET) something's now broken/gone in the buffer.

@kylesonaty
Copy link
Author

If I remove the [ValidateAntiForgeryToken] I get this error
“This method or property is not supported after HttpRequest.GetBufferlessInputStream has been invoked.” and it never makes it to the method.

@brockallen
Copy link
Member

Right -- so we need to discuss, but I don't think there's much we can do. This is the two frameworks fighting each other.

@leastprivilege
Copy link
Member

not much we can do here. Unless someone has an idea. closing for now.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants