Custom attributes migration from .NET Framework to .NET 8
I am currently working on a migration project to migrate from .NET Framework to .NET 8. I am trying to migrate a custom attribute, but I'm getting some error. Can someone help me fix it?
Here's my code:
ValidateAntiForgeryHeader.cs :
public sealed class ValidateAntiForgeryHeader : Attribute, IAuthorizationFilter
{
private const string KEY_NAME = "__RequestVerificationToken";
private readonly IAntiforgery _antiForgery;
private readonly ILogger<ValidateAntiForgeryHeader> _logger;
// Inject the IAntiforgery and ILogger
public ValidateAntiForgeryHeader(IAntiforgery antiForgery, ILogger<ValidateAntiForgeryHeader> logger)
{
_antiForgery = antiForgery ?? throw new ArgumentNullException(nameof(antiForgery));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
var clientToken = filterContext.HttpContext.Request.Headers[KEY_NAME].FirstOrDefault();
string userId = SessionFacade.UserID(filterContext.HttpContext.RequestServices.GetService<IHttpContextAccessor>());
if (string.IsNullOrEmpty(clientToken))
{
Logger.LogException("ValidateAntiForgeryHeader", "OnAuthorization", clientToken, userId, Priority.Error, "ClientToken");
}
string serverToken = string.Empty;
foreach (var cookie in filterContext.HttpContext.Request.Cookies)
{
if (cookie.Key.Contains(KEY_NAME))
{
serverToken = cookie.Value;
break;
}
}
if (string.IsNullOrEmpty(serverToken))
{
Logger.LogException("ValidateAntiForgeryHeader", "OnAuthorization", serverToken, userId, Priority.Error, "ServerToken");
}
// System.Web.Helpers.AntiForgery.Validate(serverToken, clientToken);
// Perform AntiForgery validation if both tokens are present
if (!string.IsNullOrEmpty(clientToken) && !string.IsNullOrEmpty(serverToken))
{
try
{
// Validate the anti-forgery tokens
_antiForgery.ValidateRequestAsync(filterContext.HttpContext).Wait();
}
catch (Exception ex)
{
_logger.LogError(ex, "Anti-forgery token validation failed.");
filterContext.Result = new Microsoft.AspNetCore.Mvc.BadRequestObjectResult("Invalid anti-forgery token.");
}
}
else
{
filterContext.Result = new Microsoft.AspNetCore.Mvc.BadRequestObjectResult("Missing tokens.");
}
}
// private const string KEY_NAME = "__RequestVerificationToken";
}
Program.cs:
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc.Infrastructure;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ModelBinding.Metadata;
using Microsoft.EntityFrameworkCore;
var builder = WebApplication.CreateBuilder(args);
IConfiguration configuration = builder.Configuration;
builder.Services.AddScoped<ValidateAntiForgeryHeader>(); // Register custom filter
builder.Services.AddScoped<POSSExceptionHandlerAttribute>(); // Register POSSExceptionHandler
builder.Services.AddLogging();
builder.Services.AddAntiforgery(options =>
{
options.Cookie.Name = "X-CSRF-TOKEN";
options.FormFieldName = "__RequestVerificationToken";
options.SuppressXFrameOptionsHeader = false;
});
// builder.Services.AddControllersWithViews().AddDataAnnotationsLocalization();
builder.Services.AddControllersWithViews()
.AddJsonOptions(options =>
options.JsonSerializerOptions.PropertyNamingPolicy = null); // Disable camel case for JSON
//
builder.Services.AddControllersWithViews(options =>
{
// Register the global filters here.
//options.Filters.Add(new POSSExceptionHandlerAttribute(builder.Services.BuildServiceProvider().GetRequiredService<ILogger<POSSExceptionHandlerAttribute>>()));
options.Filters.AddService<POSSExceptionHandlerAttribute>();
options.Filters.AddService<ValidateAntiForgeryHeader>();
});
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/AccessDenied";
});
builder.Services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
builder.Services.AddSingleton<IActionContextAccessor, ActionContextAccessor>();
// Add authorization policies
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"));
});
builder.Services.AddKendo();
builder.Services.AddHttpContextAccessor();
builder.Services.AddSession();
var app = builder.Build();
// Configure middleware pipeline
if (app.Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
// Enable AntiForgery middleware
app.UseAntiforgery();
app.UseAuthentication();
app.UseSession();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Login}/{action=Index}/{id?}");
});
app.Run()
Razor view file:
@Html.AntiForgeryToken()
<div class="row">
Controller file:
[HttpPost]
[ValidateAntiForgeryHeader]
public ActionResult SaveCommentsForVisitorTransaction(string newComments, string oldComments, string visitorPass)
{
// .....
}
Error
There is no argument given that corresponds to the required parameter 'antiForgery' of 'ValidateAntiForgeryHeader.ValidateAntiForgeryHeader(IAntiforgery, ILogger)'
The error occurs because the constructor of the ValidateAntiForgeryHeader class requires two arguments, IAntiforgery and ILogger<ValidateAntiForgeryHeader>, but I am passing [ValidateAntiForgeryHeader] attribute without any argument.
Please help me to fix this issue and let me know if I am doing anything wrong here or missing anything.
Please help me to fix this issue and let me know if I am doing anything wrong here or missing anything.
Solution
The attribute couldn't get the injected service via the constructor parameter, to solve this issue, you should use the HttpContext.RequestServices.GetRequiredService method to get the required service and then use it inside the attribute method.
More details, you could refer to below codes:
public sealed class ValidateAntiForgeryHeader : Attribute, IAuthorizationFilter
{
private const string KEY_NAME = "__RequestVerificationToken";
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
// Resolve services from the DI container
var antiForgery = filterContext.HttpContext.RequestServices.GetRequiredService<IAntiforgery>();
var logger = filterContext.HttpContext.RequestServices.GetRequiredService<ILogger<ValidateAntiForgeryHeader>>();
var clientToken = filterContext.HttpContext.Request.Headers[KEY_NAME].FirstOrDefault();
if (string.IsNullOrEmpty(clientToken))
{
logger.LogError("ClientToken is missing.");
}
string serverToken = string.Empty;
foreach (var cookie in filterContext.HttpContext.Request.Cookies)
{
if (cookie.Key.Contains(KEY_NAME))
{
serverToken = cookie.Value;
break;
}
}
if (string.IsNullOrEmpty(serverToken))
{
logger.LogError("ServerToken is missing.");
}
// Perform AntiForgery validation if both tokens are present
if (!string.IsNullOrEmpty(clientToken) && !string.IsNullOrEmpty(serverToken))
{
try
{
// Validate the anti-forgery tokens
antiForgery.ValidateRequestAsync(filterContext.HttpContext).Wait();
}
catch (Exception ex)
{
logger.LogError(ex, "Anti-forgery token validation failed.");
filterContext.Result = new BadRequestObjectResult("Invalid anti-forgery token.");
}
}
else
{
filterContext.Result = new BadRequestObjectResult("Missing tokens.");
}
}
}
Result:
- ASP.NET Core MVC model on next page
- How to configure options to display StackTrace with AddProblemDetails() based on environment in ASP.NET Core?
- How can I disable these suggestions in VS Code for ASP.NET Razor Pages?
- ASP.Net Core MVC Accessing a ViewModel From a View for a Select control
- Persist ASP.NET Core auth cookies between docker image launches
- Hosting Stand Alone WASM ASP .NET Core - Not All Files Served - GitHub Repo in Description
- How to reference another value within the same appsettings.json file?
- Razor Pages Binding a List<t> to HTML Table
- ASP.NET CORE multiple names for the same action
- Return file in ASP.Net Core Web API
- How to Configure Identity Server to Issue JWTs Instead of Cookies for Authentication in a Microservices App?
- Azure cannot access connection string stored in app service configuration
- FluentUI Blazor TextField doesn't update current-value correctly
- Expiring a Secure Cookie
- SystemWeb Adapters Authentication failing due to multiple redirects with "query string is too long"
- 'Unable to resolve service for type ¨Microsoft.entityFrameworkCore.DbContextOptions¨1[LibraryData.LibraryContext] while attempting to activate
- NET 8 - SignalR HubConnection - Cannot access a disposed object
- SSL certificate error when running ASP.NET core app on docker
- Is this value conversion behavior change an expected change between .NET 8 and .NET 9?
- Why can't I deserialize JSON to an object with a List<T> property
- formselect url encoding of select list causing issues
- Can vscode use a profile from Properties/launchSettings.json?
- Serilog Expression Template in appSettings.json is being ignored
- How to get root directory of project in asp.net core. Directory.GetCurrentDirectory() doesn't seem to work correctly on a mac
- Identity Model Customization .NET Core 8
- Why is app.UseMiddleware<T>() causing a 500 error?
- How can I create a policy and add it to an index?
- Export to Excel head row format filter
- .net core - Middleware don't handle requests
- Visual studio 2022 Class library manage connected services does not show up