From db65b162abdb4c335b18f3a6c3607b2472b23e87 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 16:36:06 +0200
Subject: [PATCH 01/19] docs(upload): Add KB for Antiforgery integration
---
components/upload/events.md | 2 +-
components/upload/troubleshooting.md | 5 +
.../upload-validateantiforgerytoken.md | 226 ++++++++++++++++++
3 files changed, 232 insertions(+), 1 deletion(-)
create mode 100644 knowledge-base/upload-validateantiforgerytoken.md
diff --git a/components/upload/events.md b/components/upload/events.md
index 4972327234..4adc148d67 100644
--- a/components/upload/events.md
+++ b/components/upload/events.md
@@ -416,7 +416,7 @@ If you cancel the event, the file upload will not start. If `AutoUpload="false"`
Use the `OnUpload` and [`OnRemove`](#onremove) event handlers to send additional custom data and request headers to the server, together with the file. For example, the data may be related to:
* Authentication
-* CSRF cross-site anti forgery tokens
+* CSRF cross-site or [anti forgery tokens]({%slug upload-kb-validateantiforgerytoken%})
* Any metadata related to the app business logic
To send **cookies** with the upload request, set the [`WithCredentials` component parameter]({%slug upload-overview%}#upload-parameters) to `true`.
diff --git a/components/upload/troubleshooting.md b/components/upload/troubleshooting.md
index 4474d650e7..2156c7aec7 100644
--- a/components/upload/troubleshooting.md
+++ b/components/upload/troubleshooting.md
@@ -51,6 +51,11 @@ The server does not return any response. The browser console shows connection er
This means that the uploaded file size [exceeds the web server's maximum]({%slug upload-overview%}#large-file-uploads).
+## Antiforgery Validation Blocks the Upload Requests
+
+If the upload controller is decorated with a `[ValidateAntiForgeryToken]` attribute, then the Upload component must include antiforgery tokens in its upload and delete requests. Use the [`OnUpload` and `OnRemove`]({%slug upload-events%}) events to [add the required antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%}).
+
+
## See Also
* [How to implement Upload controller methods]({%slug upload-overview%}#implement-controller-methods)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
new file mode 100644
index 0000000000..d866251633
--- /dev/null
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -0,0 +1,226 @@
+---
+title: Upload Files with Antiforgery Validation
+description:
+type: how-to
+page_title: How to Upload Files with Antiforgery Validation
+slug: upload-kb-validateantiforgerytoken
+position:
+tags: telerik, blazor, upload
+ticketid: 1626509, 1637325
+res_type: kb
+---
+
+## Environment
+
+
+
+
+ | Product |
+ Upload for Blazor |
+
+
+
+
+
+## Description
+
+This KB article answers the following questions:
+
+* How to use the Telerik Blazor Upload component with controllers that are decorated with `[ValidateAntiForgeryToken]` attribute?
+* How to upload files to controllers that require antiforgery validation?
+* How to set antiforgery tokens in the Upload's `OnUpload` and `OnRemove` events?
+
+
+## Solution
+
+Here are the suggested steps to configure .NET Core Blazor antiforgery validation and integrate it with the Telerik Upload component.
+
+1. Edit `Program.cs`:
+ * Add `builder.Services.AddRazorPages();`
+ * Add `builder.Services.AddHttpContextAccessor();`
+ * (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
+ * Verify that `app.UseAntiforgery();` is present
+ * Add `app.MapDefaultControllerRoute();` to configure routing
+1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
+1. Decorate the controler class or specific action methods with `[ValidateAntiForgeryToken]`.
+1. Configure the Razor component, which contains the Telerik Blazor Upload:
+ * Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
+ * Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
+ * Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
+ * Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
+ * Add the required anti-forgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
+
+The code snippets bellow assume that the application name is `BlazorAppName`.
+
+>caption Using Telerik Blazor Upload with Antiforgery validation
+
+
+
+````Program.cs
+// This is not the complete Program.cs file, but only the relevant bits.
+
+using Microsoft.AspNetCore.Http.Features;
+// Required by ValidateAntiForgeryTokenAttribute()
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Server.Kestrel.Core;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// ...
+
+// Required by MapDefaultControllerRoute()
+builder.Services.AddRazorPages();
+
+// Not necessary due to AddRazorPages()
+//builder.Services.AddControllersWithViews(options =>
+//{
+// options.Filters.Add(new ValidateAntiForgeryTokenAttribute());
+//});
+
+// Required by Antiforgery.GetAndStoreTokens() in Razor components
+builder.Services.AddHttpContextAccessor();
+
+// This statement and the custom names are optional.
+builder.Services.AddAntiforgery(options => {
+ options.HeaderName = "X-CSRF-TOKEN-HEADERNAME";
+ options.FormFieldName = "X-CSRF-TOKEN-FORMFIELDNAME";
+});
+
+builder.Services.AddTelerikBlazor();
+
+// ASP.NET Core Upload file size limit
+builder.Services.Configure(options =>
+{
+ options.MultipartBodyLengthLimit = 4_294_967_296; // 4 GB
+});
+// Kestrel Upload file size limit
+builder.Services.Configure(options =>
+{
+ options.Limits.MaxRequestBodySize = 4_294_967_296; // 4 GB
+});
+
+var app = builder.Build();
+
+// ...
+
+app.UseAntiforgery();
+
+// Requires AddRazorPages() or AddControllersWithViews()
+app.MapDefaultControllerRoute();
+
+// ...
+
+app.Run();
+````
+````Razor
+@using Microsoft.AspNetCore.Antiforgery
+
+@inject AntiforgeryStateProvider AfStateProvider
+@inject IAntiforgery Antiforgery
+@inject IHttpContextAccessor HttpContextAccessor
+@inject NavigationManager NavigationManager
+
+Home
+
+
+
+@code {
+ private string UploadSaveUrl => ToAbsoluteUrl("api/upload/save");
+ private string UploadRemoveUrl => ToAbsoluteUrl("api/upload/remove");
+
+ private string? AntiforgeryHeaderName { get; set; }
+ private string? AntiforgeryHeaderToken { get; set; }
+ private string? AntiforgeryFormFieldName { get; set; }
+ private string? AntiforgeryFormValue { get; set; }
+
+ private void OnUploadUpload(UploadEventArgs args)
+ {
+ // There is no need to post both antiforgery header and data.
+ // Only one of them is enough.
+
+ args.RequestHeaders.Add(AntiforgeryHeaderName, AntiforgeryHeaderToken);
+ args.RequestData.Add(AntiforgeryFormFieldName, AntiforgeryFormValue);
+ }
+
+ private void OnUploadRemove(UploadEventArgs args)
+ {
+ // There is no need to post both antiforgery header and data.
+ // Only one of them is enough.
+
+ args.RequestHeaders.Add(AntiforgeryHeaderName, AntiforgeryHeaderToken);
+ args.RequestData.Add(AntiforgeryFormFieldName, AntiforgeryFormValue);
+ }
+
+ protected override void OnInitialized()
+ {
+ // Obtain the antiforgery header name and value.
+ if (HttpContextAccessor.HttpContext != null)
+ {
+ var afTokenSet = Antiforgery.GetAndStoreTokens(HttpContextAccessor.HttpContext);
+ AntiforgeryHeaderName = afTokenSet.HeaderName;
+ AntiforgeryHeaderToken = afTokenSet.RequestToken;
+ }
+
+ // Obtain the antiforgery form field name and value.
+ var afRequestToken = AfStateProvider.GetAntiforgeryToken();
+ if (afRequestToken != null)
+ {
+ AntiforgeryFormFieldName = afRequestToken.FormFieldName;
+ AntiforgeryFormValue = afRequestToken.Value;
+ }
+
+ base.OnInitialized();
+ }
+
+ private string ToAbsoluteUrl(string url)
+ {
+ return $"{NavigationManager.BaseUri}{url}";
+ }
+}
+````
+````Controller
+using Microsoft.AspNetCore.Mvc;
+
+namespace BlazorAppName.Controllers
+{
+ [ValidateAntiForgeryToken]
+ [Route("api/[controller]/[action]")]
+ public class UploadController : ControllerBase
+ {
+ public IWebHostEnvironment HostingEnvironment { get; set; }
+
+ public UploadController(IWebHostEnvironment hostingEnvironment)
+ {
+ HostingEnvironment = hostingEnvironment;
+ }
+
+ [HttpPost]
+ public async Task Save(IFormFile files)
+ {
+ // Save the file...
+
+ return new EmptyResult();
+ }
+
+ [HttpPost]
+ public async Task Remove([FromForm] string files)
+ {
+ // Delete the file...
+
+ return new EmptyResult();
+ }
+ }
+}
+````
+
+> This article contains code snippets and suggestions that relate to general .NET programming and antiforgery setup of a Blazor application. The provided implementation is just an example and is strictly outside the Telerik support scope. The primary resource for antiforgery configuration is the Microsoft documentation. See [Blazor authentication and authorization](https://learn.microsoft.com/en-us/aspnet/core/blazor/security/).
+
+
+## See Also
+
+* [Upload Overview]({%slug upload-overview%})
+* [Upload Events]({%slug upload-events%})
+* [Upload Troubleshooting]({%slug upload-troubleshooting%})
From 027c69d966f313b783bbb58e070e42d71ae4d758 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 17:51:44 +0200
Subject: [PATCH 02/19] Update
knowledge-base/upload-validateantiforgerytoken.md
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index d866251633..9fec311dfa 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -1,6 +1,6 @@
---
title: Upload Files with Antiforgery Validation
-description:
+description: Learn how to setup the Telerik Blazor Upload to work with .NET controllers that use ValidateAntiForgeryToken attribute. Configure Blazor apps with antiforgery validation.
type: how-to
page_title: How to Upload Files with Antiforgery Validation
slug: upload-kb-validateantiforgerytoken
From a6d17237926eb05f6b5f944b31e48aa727df4271 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:03 +0200
Subject: [PATCH 03/19] Update components/upload/troubleshooting.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
components/upload/troubleshooting.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/upload/troubleshooting.md b/components/upload/troubleshooting.md
index 2156c7aec7..75d98d4beb 100644
--- a/components/upload/troubleshooting.md
+++ b/components/upload/troubleshooting.md
@@ -53,7 +53,7 @@ This means that the uploaded file size [exceeds the web server's maximum]({%slug
## Antiforgery Validation Blocks the Upload Requests
-If the upload controller is decorated with a `[ValidateAntiForgeryToken]` attribute, then the Upload component must include antiforgery tokens in its upload and delete requests. Use the [`OnUpload` and `OnRemove`]({%slug upload-events%}) events to [add the required antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%}).
+If the upload controller is decorated with the `[ValidateAntiForgeryToken]` attribute, the Upload component must include antiforgery tokens in its upload and delete requests. Use the [`OnUpload` and `OnRemove`]({%slug upload-events%}) events to [add the required antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%}).
## See Also
From ea49ce306c441f75976384b2c6f50528d761b675 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:14 +0200
Subject: [PATCH 04/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 9fec311dfa..8ba30fbc7a 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -52,7 +52,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
The code snippets bellow assume that the application name is `BlazorAppName`.
->caption Using Telerik Blazor Upload with Antiforgery validation
+>caption Using Telerik Blazor Upload with antiforgery validation
From 210b6a60c7f7afc2cb78bf2d9944bdab97b8cec2 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:25 +0200
Subject: [PATCH 05/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 8ba30fbc7a..87d7e0cc99 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -26,7 +26,7 @@ res_type: kb
This KB article answers the following questions:
-* How to use the Telerik Blazor Upload component with controllers that are decorated with `[ValidateAntiForgeryToken]` attribute?
+* How to use the Telerik Blazor Upload component with controllers that are decorated with the `[ValidateAntiForgeryToken]` attribute?
* How to upload files to controllers that require antiforgery validation?
* How to set antiforgery tokens in the Upload's `OnUpload` and `OnRemove` events?
From 5ade126777d87ea194351ee85eec4f18981cacb8 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:42 +0200
Subject: [PATCH 06/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 87d7e0cc99..ffdda76a97 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -50,7 +50,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
* Add the required anti-forgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
-The code snippets bellow assume that the application name is `BlazorAppName`.
+The code snippets below assume that the application name is `BlazorAppName`.
>caption Using Telerik Blazor Upload with antiforgery validation
From edead982167a59be79c6b85a84288fd48dc812a8 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:10:46 +0200
Subject: [PATCH 07/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index ffdda76a97..a68871c05c 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -1,6 +1,6 @@
---
title: Upload Files with Antiforgery Validation
-description: Learn how to setup the Telerik Blazor Upload to work with .NET controllers that use ValidateAntiForgeryToken attribute. Configure Blazor apps with antiforgery validation.
+description: Learn how to setup the Telerik Blazor Upload to work with .NET controllers that use the ValidateAntiForgeryToken attribute. Configure Blazor apps with antiforgery validation.
type: how-to
page_title: How to Upload Files with Antiforgery Validation
slug: upload-kb-validateantiforgerytoken
From fc1bcb4de09e964907c6f68a555d4f2e52e36ebf Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:11:30 +0200
Subject: [PATCH 08/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index a68871c05c..ba54138e1b 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -42,7 +42,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Verify that `app.UseAntiforgery();` is present
* Add `app.MapDefaultControllerRoute();` to configure routing
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
-1. Decorate the controler class or specific action methods with `[ValidateAntiForgeryToken]`.
+1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
From a3b1e41dfe506a181e30062f419c08bbd568cc19 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:12:08 +0200
Subject: [PATCH 09/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index ba54138e1b..62ea172629 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -48,7 +48,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
- * Add the required anti-forgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
+ * Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
The code snippets below assume that the application name is `BlazorAppName`.
From e838aedf0a654835ec257663cdf3b990a889532c Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:14:38 +0200
Subject: [PATCH 10/19] Update components/upload/events.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
components/upload/events.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/upload/events.md b/components/upload/events.md
index 4adc148d67..f5cabc0d74 100644
--- a/components/upload/events.md
+++ b/components/upload/events.md
@@ -416,7 +416,7 @@ If you cancel the event, the file upload will not start. If `AutoUpload="false"`
Use the `OnUpload` and [`OnRemove`](#onremove) event handlers to send additional custom data and request headers to the server, together with the file. For example, the data may be related to:
* Authentication
-* CSRF cross-site or [anti forgery tokens]({%slug upload-kb-validateantiforgerytoken%})
+* [CSRF/XSRF cross-site antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%})
* Any metadata related to the app business logic
To send **cookies** with the upload request, set the [`WithCredentials` component parameter]({%slug upload-overview%}#upload-parameters) to `true`.
From 7d5433acaba2873dc067b2ed51f228bdcafdc0b0 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:15:07 +0200
Subject: [PATCH 11/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 62ea172629..8911eb2ab4 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -47,7 +47,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
- * Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
+ * Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
* Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
The code snippets below assume that the application name is `BlazorAppName`.
From 285cf10466e3cbba27c801e2821f3de01bca16f8 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:19:08 +0200
Subject: [PATCH 12/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 8911eb2ab4..9e8f57ac32 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -39,7 +39,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Add `builder.Services.AddRazorPages();`
* Add `builder.Services.AddHttpContextAccessor();`
* (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
- * Verify that `app.UseAntiforgery();` is present
+ * Verify that `app.UseAntiforgery();` is present.
* Add `app.MapDefaultControllerRoute();` to configure routing
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
From 76cc99f8df391aa333491b543655c67ab3deaa0e Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:19:25 +0200
Subject: [PATCH 13/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 9e8f57ac32..3108c9ac4e 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -40,7 +40,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Add `builder.Services.AddHttpContextAccessor();`
* (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
* Verify that `app.UseAntiforgery();` is present.
- * Add `app.MapDefaultControllerRoute();` to configure routing
+ * Add `app.MapDefaultControllerRoute();` to configure routing.
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
From 32ac1d65f5a73a559d1ea33c9886613bc4ec1d0c Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:19:38 +0200
Subject: [PATCH 14/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 3108c9ac4e..f84abf80a1 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -44,7 +44,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
- * Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
+ * Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method.
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
From 7a6d8f8c32dbd571aa38cdbf9f662a3f8488e5dc Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:20:35 +0200
Subject: [PATCH 15/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index f84abf80a1..58f792db29 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -45,7 +45,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method.
- * Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
+ * Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method.
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
* Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
From 8a7e5368b2c8bbc22986566e07bccc62d45dea65 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:20:52 +0200
Subject: [PATCH 16/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 58f792db29..487d9bc56a 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -46,7 +46,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. Configure the Razor component, which contains the Telerik Blazor Upload:
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method.
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method.
- * Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
+ * Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method.
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
* Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
From 64fbfa6e433297ac3637a12807ffff8ce581b59d Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:28:13 +0200
Subject: [PATCH 17/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 487d9bc56a..cdc3fc05fa 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -38,7 +38,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. Edit `Program.cs`:
* Add `builder.Services.AddRazorPages();`
* Add `builder.Services.AddHttpContextAccessor();`
- * (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
+ * (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`.
* Verify that `app.UseAntiforgery();` is present.
* Add `app.MapDefaultControllerRoute();` to configure routing.
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
From 0617eaca1dc3c84ba87d740627958020fbdedc8b Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:59:56 +0200
Subject: [PATCH 18/19] Update
knowledge-base/upload-validateantiforgerytoken.md
---
knowledge-base/upload-validateantiforgerytoken.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index cdc3fc05fa..ebbc5fbb68 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -216,6 +216,9 @@ namespace BlazorAppName.Controllers
}
````
+
+## Disclaimer
+
> This article contains code snippets and suggestions that relate to general .NET programming and antiforgery setup of a Blazor application. The provided implementation is just an example and is strictly outside the Telerik support scope. The primary resource for antiforgery configuration is the Microsoft documentation. See [Blazor authentication and authorization](https://learn.microsoft.com/en-us/aspnet/core/blazor/security/).
From d83070a5ed931ca0ec39fda0914c81e7f0fb848d Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 20:54:53 +0200
Subject: [PATCH 19/19] improve bullet point
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index ebbc5fbb68..fb235e18db 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -35,7 +35,7 @@ This KB article answers the following questions:
Here are the suggested steps to configure .NET Core Blazor antiforgery validation and integrate it with the Telerik Upload component.
-1. Edit `Program.cs`:
+1. Add services and configurations to `Program.cs`:
* Add `builder.Services.AddRazorPages();`
* Add `builder.Services.AddHttpContextAccessor();`
* (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`.