Upload files to a minimal API endpoint in .NET 8
Edit: Code Repo here.
Also I'm aware that I can simply add .DisableAntiforgery(); to my API endpoint as explained here to make it work, but I'd like to do this the proper way.
I'm trying to upload a file from a Blazor component in the client side to a backend Minimal API endpoint using an Http POST call but after many failed attempts, I'm posting this question here.
I first tried this in my backend API as documented here:
app.MapPost("/upload_many", async (IFormFileCollection myFiles) =>
{
foreach (var file in myFiles)
{
// Do my thing
}
});
Sent the request to the backend API using Swagger UI:
I was hit with this error: 😩
System.InvalidOperationException: Endpoint HTTP: POST /upload_many contains anti-forgery metadata, but a middleware was not found that supports anti-forgery.
Configure your application startup by adding app.UseAntiforgery() in the application startup code. If there are calls to app.UseRouting() and app.UseEndpoints(...), the call to app.UseAntiforgery() must go between them. Calls to app.UseAntiforgery() must be placed after calls to app.UseAuthentication() and app.UseAuthorization().
at Microsoft.AspNetCore.Routing.EndpointMiddleware.ThrowMissingAntiforgeryMiddlewareException(Endpoint endpoint)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
I then tried this.
Program.cs in my backend API:
//...
builder.Services.AddAntiforgery();
//...
var app = builder.Build();
//...
app.MapPost("/upload_many", async (IFormFileCollection myFiles) =>
{
foreach (var file in myFiles)
{
// Do my thing here
}
});
//...
I was hit with this error: 😫
Microsoft.AspNetCore.Http.BadHttpRequestException: Invalid anti-forgery token found when reading parameter "IFormFileCollection myFiles" from the request body as form.
---> Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.JitzV0NlXkw" is not present.
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
at Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryMiddleware.InvokeAwaited(HttpContext context)
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Http.RequestDelegateFactory.Log.InvalidAntiforgeryToken(HttpContext httpContext, String parameterTypeName, String parameterName, Exception exception, Boolean shouldThrow)
at Microsoft.AspNetCore.Http.RequestDelegateFactory.<HandleRequestBodyAndCompileRequestDelegateForForm>g__TryReadFormAsync|102_0(HttpContext httpContext, String parameterTypeName, String parameterName, Boolean throwOnBadRequest)
at Microsoft.AspNetCore.Http.RequestDelegateFactory.<>c__DisplayClass102_2.<<HandleRequestBodyAndCompileRequestDelegateForForm>b__2>d.MoveNext()
--- End of stack trace from previous location ---
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Antiforgery.Internal.AntiforgeryMiddleware.InvokeAwaited(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
I'm beginning to think that I'm not doing this right. And I couldn't find a working example in the documentation.
Solution
I figured this out after going through this.
Full source code here.
As per the docs, to be able to upload files you need an Authorization header, a client certificate, or a cookie header.
To satisfy that requirement, I decided to pass Antiforgery token with the file upload POST request.
Now my API endpoints looks like this:
// Get token endpoint
app.MapGet("antiforgery/token", (IAntiforgery forgeryService, HttpContext context) =>
{
var tokens = forgeryService.GetAndStoreTokens(context);
var xsrfToken = tokens.RequestToken!;
return TypedResults.Content(xsrfToken, "text/plain");
});
//.RequireAuthorization(); // In a real world scenario, you'll only give this token to authorized users
// Post files endpoint
app.MapPost("/upload_many", async (IFormFileCollection myFiles) =>
{
foreach (var file in myFiles)
{
// ...
}
return TypedResults.Ok("Ayo, I got your files!");
});
So I've got 2 endpoints now:
Upload the file
Step 1: Get the token.
Step 2.1: Before making the POST call to Upload endpoint, add the XSRF token you received from Step 1.
Step 2.2: Add the file you want to upload. pickle.png in my case.
Step 2.3: Hit send. At this point, you'll be able to make a successful call.
- How to determine if a property is required?
- .NET 4.5 changing how Response.IsRequestBeingRedirected behaves on Ajax calls - why?
- CancellationToken with async Dapper methods?
- How to check if a number is a power of 2
- How to stop Visual Studio from adding IIS Express to launchsettings
- How do I create a generic converter for units of measurement in C#?
- WinUI 3 Community Toolkit: Undefined namespace XAML
- The constraint reference 'string' could not be resolved to a type. (netcoreapp3.0)
- "File Not Found" while trying to compile an RC file (probably dumb mistake)
- Using Snyk Build Task in Azure DevOps Pipeline Error for .Net 8 Project
- How to conditionally use the 'default' color in MAUI?
- Automatically Install Module/Extension in DNN (DotNetNuke)
- Can you explain difference between StrictMock and Partialmock?
- Stubbing a read only property with Rhino Mocks
- Retrieve the current view name in ASP.NET MVC?
- How to Use UnsafeAccessor to Check if Autofac.Core.Lifetime.LifetimeScope IsDisposed in .NET 8?
- How do I convert hexidecimal to decimal using C# & BigInt?
- How do I truncate a .NET string?
- KERNELBASE.dll Exception 0xe0434352 offset 0x000000000000a49d
- .NET MAUI Hybrid Blazor Copy to Clipboard
- How to bind the IsEnabled property to an OR of two values?
- error MSB3073: The command "npm install" exited with code 1
- CSharp Console - Account Login
- EF Core 9 .HasConversion
- How do strings work when shallow copying something in C#?
- How to set the target framework to v2.0 or v3.5 instead of 4.0 when compiling a program from a source file?
- How is it possible to see C# code after compilation/optimization?
- Start exe even with missing dependency dlls?
- Using Action(Of T...) over a custom delegate syntax for readability
- Is C# compiler not reporting all errors at once at each compile?