From 69250166595382485414e1901d1ff51c3e998211 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 16:36:06 +0200
Subject: [PATCH 01/19] docs(upload): Add KB for Antiforgery integration
---
components/upload/events.md | 2 +-
components/upload/troubleshooting.md | 5 +
.../upload-validateantiforgerytoken.md | 226 ++++++++++++++++++
3 files changed, 232 insertions(+), 1 deletion(-)
create mode 100644 knowledge-base/upload-validateantiforgerytoken.md
diff --git a/components/upload/events.md b/components/upload/events.md
index 4972327234..4adc148d67 100644
--- a/components/upload/events.md
+++ b/components/upload/events.md
@@ -416,7 +416,7 @@ If you cancel the event, the file upload will not start. If `AutoUpload="false"`
Use the `OnUpload` and [`OnRemove`](#onremove) event handlers to send additional custom data and request headers to the server, together with the file. For example, the data may be related to:
* Authentication
-* CSRF cross-site anti forgery tokens
+* CSRF cross-site or [anti forgery tokens]({%slug upload-kb-validateantiforgerytoken%})
* Any metadata related to the app business logic
To send **cookies** with the upload request, set the [`WithCredentials` component parameter]({%slug upload-overview%}#upload-parameters) to `true`.
diff --git a/components/upload/troubleshooting.md b/components/upload/troubleshooting.md
index 4474d650e7..2156c7aec7 100644
--- a/components/upload/troubleshooting.md
+++ b/components/upload/troubleshooting.md
@@ -51,6 +51,11 @@ The server does not return any response. The browser console shows connection er
This means that the uploaded file size [exceeds the web server's maximum]({%slug upload-overview%}#large-file-uploads).
+## Antiforgery Validation Blocks the Upload Requests
+
+If the upload controller is decorated with a `[ValidateAntiForgeryToken]` attribute, then the Upload component must include antiforgery tokens in its upload and delete requests. Use the [`OnUpload` and `OnRemove`]({%slug upload-events%}) events to [add the required antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%}).
+
+
## See Also
* [How to implement Upload controller methods]({%slug upload-overview%}#implement-controller-methods)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
new file mode 100644
index 0000000000..d866251633
--- /dev/null
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -0,0 +1,226 @@
+---
+title: Upload Files with Antiforgery Validation
+description:
+type: how-to
+page_title: How to Upload Files with Antiforgery Validation
+slug: upload-kb-validateantiforgerytoken
+position:
+tags: telerik, blazor, upload
+ticketid: 1626509, 1637325
+res_type: kb
+---
+
+## Environment
+
+
+
+
+ | Product |
+ Upload for Blazor |
+
+
+
+
+
+## Description
+
+This KB article answers the following questions:
+
+* How to use the Telerik Blazor Upload component with controllers that are decorated with `[ValidateAntiForgeryToken]` attribute?
+* How to upload files to controllers that require antiforgery validation?
+* How to set antiforgery tokens in the Upload's `OnUpload` and `OnRemove` events?
+
+
+## Solution
+
+Here are the suggested steps to configure .NET Core Blazor antiforgery validation and integrate it with the Telerik Upload component.
+
+1. Edit `Program.cs`:
+ * Add `builder.Services.AddRazorPages();`
+ * Add `builder.Services.AddHttpContextAccessor();`
+ * (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
+ * Verify that `app.UseAntiforgery();` is present
+ * Add `app.MapDefaultControllerRoute();` to configure routing
+1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
+1. Decorate the controler class or specific action methods with `[ValidateAntiForgeryToken]`.
+1. Configure the Razor component, which contains the Telerik Blazor Upload:
+ * Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
+ * Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
+ * Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
+ * Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
+ * Add the required anti-forgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
+
+The code snippets bellow assume that the application name is `BlazorAppName`.
+
+>caption Using Telerik Blazor Upload with Antiforgery validation
+
+
+
+````Program.cs
+// This is not the complete Program.cs file, but only the relevant bits.
+
+using Microsoft.AspNetCore.Http.Features;
+// Required by ValidateAntiForgeryTokenAttribute()
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Server.Kestrel.Core;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// ...
+
+// Required by MapDefaultControllerRoute()
+builder.Services.AddRazorPages();
+
+// Not necessary due to AddRazorPages()
+//builder.Services.AddControllersWithViews(options =>
+//{
+// options.Filters.Add(new ValidateAntiForgeryTokenAttribute());
+//});
+
+// Required by Antiforgery.GetAndStoreTokens() in Razor components
+builder.Services.AddHttpContextAccessor();
+
+// This statement and the custom names are optional.
+builder.Services.AddAntiforgery(options => {
+ options.HeaderName = "X-CSRF-TOKEN-HEADERNAME";
+ options.FormFieldName = "X-CSRF-TOKEN-FORMFIELDNAME";
+});
+
+builder.Services.AddTelerikBlazor();
+
+// ASP.NET Core Upload file size limit
+builder.Services.Configure(options =>
+{
+ options.MultipartBodyLengthLimit = 4_294_967_296; // 4 GB
+});
+// Kestrel Upload file size limit
+builder.Services.Configure(options =>
+{
+ options.Limits.MaxRequestBodySize = 4_294_967_296; // 4 GB
+});
+
+var app = builder.Build();
+
+// ...
+
+app.UseAntiforgery();
+
+// Requires AddRazorPages() or AddControllersWithViews()
+app.MapDefaultControllerRoute();
+
+// ...
+
+app.Run();
+````
+````Razor
+@using Microsoft.AspNetCore.Antiforgery
+
+@inject AntiforgeryStateProvider AfStateProvider
+@inject IAntiforgery Antiforgery
+@inject IHttpContextAccessor HttpContextAccessor
+@inject NavigationManager NavigationManager
+
+Home
+
+
+
+@code {
+ private string UploadSaveUrl => ToAbsoluteUrl("api/upload/save");
+ private string UploadRemoveUrl => ToAbsoluteUrl("api/upload/remove");
+
+ private string? AntiforgeryHeaderName { get; set; }
+ private string? AntiforgeryHeaderToken { get; set; }
+ private string? AntiforgeryFormFieldName { get; set; }
+ private string? AntiforgeryFormValue { get; set; }
+
+ private void OnUploadUpload(UploadEventArgs args)
+ {
+ // There is no need to post both antiforgery header and data.
+ // Only one of them is enough.
+
+ args.RequestHeaders.Add(AntiforgeryHeaderName, AntiforgeryHeaderToken);
+ args.RequestData.Add(AntiforgeryFormFieldName, AntiforgeryFormValue);
+ }
+
+ private void OnUploadRemove(UploadEventArgs args)
+ {
+ // There is no need to post both antiforgery header and data.
+ // Only one of them is enough.
+
+ args.RequestHeaders.Add(AntiforgeryHeaderName, AntiforgeryHeaderToken);
+ args.RequestData.Add(AntiforgeryFormFieldName, AntiforgeryFormValue);
+ }
+
+ protected override void OnInitialized()
+ {
+ // Obtain the antiforgery header name and value.
+ if (HttpContextAccessor.HttpContext != null)
+ {
+ var afTokenSet = Antiforgery.GetAndStoreTokens(HttpContextAccessor.HttpContext);
+ AntiforgeryHeaderName = afTokenSet.HeaderName;
+ AntiforgeryHeaderToken = afTokenSet.RequestToken;
+ }
+
+ // Obtain the antiforgery form field name and value.
+ var afRequestToken = AfStateProvider.GetAntiforgeryToken();
+ if (afRequestToken != null)
+ {
+ AntiforgeryFormFieldName = afRequestToken.FormFieldName;
+ AntiforgeryFormValue = afRequestToken.Value;
+ }
+
+ base.OnInitialized();
+ }
+
+ private string ToAbsoluteUrl(string url)
+ {
+ return $"{NavigationManager.BaseUri}{url}";
+ }
+}
+````
+````Controller
+using Microsoft.AspNetCore.Mvc;
+
+namespace BlazorAppName.Controllers
+{
+ [ValidateAntiForgeryToken]
+ [Route("api/[controller]/[action]")]
+ public class UploadController : ControllerBase
+ {
+ public IWebHostEnvironment HostingEnvironment { get; set; }
+
+ public UploadController(IWebHostEnvironment hostingEnvironment)
+ {
+ HostingEnvironment = hostingEnvironment;
+ }
+
+ [HttpPost]
+ public async Task Save(IFormFile files)
+ {
+ // Save the file...
+
+ return new EmptyResult();
+ }
+
+ [HttpPost]
+ public async Task Remove([FromForm] string files)
+ {
+ // Delete the file...
+
+ return new EmptyResult();
+ }
+ }
+}
+````
+
+> This article contains code snippets and suggestions that relate to general .NET programming and antiforgery setup of a Blazor application. The provided implementation is just an example and is strictly outside the Telerik support scope. The primary resource for antiforgery configuration is the Microsoft documentation. See [Blazor authentication and authorization](https://learn.microsoft.com/en-us/aspnet/core/blazor/security/).
+
+
+## See Also
+
+* [Upload Overview]({%slug upload-overview%})
+* [Upload Events]({%slug upload-events%})
+* [Upload Troubleshooting]({%slug upload-troubleshooting%})
From abc35a90e73559c3eb91b1a19da0020c90c903be Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 17:51:44 +0200
Subject: [PATCH 02/19] Update
knowledge-base/upload-validateantiforgerytoken.md
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index d866251633..9fec311dfa 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -1,6 +1,6 @@
---
title: Upload Files with Antiforgery Validation
-description:
+description: Learn how to setup the Telerik Blazor Upload to work with .NET controllers that use ValidateAntiForgeryToken attribute. Configure Blazor apps with antiforgery validation.
type: how-to
page_title: How to Upload Files with Antiforgery Validation
slug: upload-kb-validateantiforgerytoken
From f6a4ced305f1e4e1ad4026cea9d13d18ca58af62 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:03 +0200
Subject: [PATCH 03/19] Update components/upload/troubleshooting.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
components/upload/troubleshooting.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/upload/troubleshooting.md b/components/upload/troubleshooting.md
index 2156c7aec7..75d98d4beb 100644
--- a/components/upload/troubleshooting.md
+++ b/components/upload/troubleshooting.md
@@ -53,7 +53,7 @@ This means that the uploaded file size [exceeds the web server's maximum]({%slug
## Antiforgery Validation Blocks the Upload Requests
-If the upload controller is decorated with a `[ValidateAntiForgeryToken]` attribute, then the Upload component must include antiforgery tokens in its upload and delete requests. Use the [`OnUpload` and `OnRemove`]({%slug upload-events%}) events to [add the required antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%}).
+If the upload controller is decorated with the `[ValidateAntiForgeryToken]` attribute, the Upload component must include antiforgery tokens in its upload and delete requests. Use the [`OnUpload` and `OnRemove`]({%slug upload-events%}) events to [add the required antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%}).
## See Also
From 4f053c6a6f6929549e74bdee78304daf1439e691 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:14 +0200
Subject: [PATCH 04/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 9fec311dfa..8ba30fbc7a 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -52,7 +52,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
The code snippets bellow assume that the application name is `BlazorAppName`.
->caption Using Telerik Blazor Upload with Antiforgery validation
+>caption Using Telerik Blazor Upload with antiforgery validation
From d273677fef7747af70e3687ed6b538b04297515e Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:25 +0200
Subject: [PATCH 05/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 8ba30fbc7a..87d7e0cc99 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -26,7 +26,7 @@ res_type: kb
This KB article answers the following questions:
-* How to use the Telerik Blazor Upload component with controllers that are decorated with `[ValidateAntiForgeryToken]` attribute?
+* How to use the Telerik Blazor Upload component with controllers that are decorated with the `[ValidateAntiForgeryToken]` attribute?
* How to upload files to controllers that require antiforgery validation?
* How to set antiforgery tokens in the Upload's `OnUpload` and `OnRemove` events?
From 7249b683e4fef9e63df1bf01c329270d70d0bbfe Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:08:42 +0200
Subject: [PATCH 06/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 87d7e0cc99..ffdda76a97 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -50,7 +50,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
* Add the required anti-forgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
-The code snippets bellow assume that the application name is `BlazorAppName`.
+The code snippets below assume that the application name is `BlazorAppName`.
>caption Using Telerik Blazor Upload with antiforgery validation
From 09a660e94b79d596aeefb026b97c2cbf77544e7d Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:10:46 +0200
Subject: [PATCH 07/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index ffdda76a97..a68871c05c 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -1,6 +1,6 @@
---
title: Upload Files with Antiforgery Validation
-description: Learn how to setup the Telerik Blazor Upload to work with .NET controllers that use ValidateAntiForgeryToken attribute. Configure Blazor apps with antiforgery validation.
+description: Learn how to setup the Telerik Blazor Upload to work with .NET controllers that use the ValidateAntiForgeryToken attribute. Configure Blazor apps with antiforgery validation.
type: how-to
page_title: How to Upload Files with Antiforgery Validation
slug: upload-kb-validateantiforgerytoken
From fc0d09b9c58773999ef305a42ecfd012714ec974 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:11:30 +0200
Subject: [PATCH 08/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index a68871c05c..ba54138e1b 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -42,7 +42,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Verify that `app.UseAntiforgery();` is present
* Add `app.MapDefaultControllerRoute();` to configure routing
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
-1. Decorate the controler class or specific action methods with `[ValidateAntiForgeryToken]`.
+1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
From 9529ee2134ecf764bc03e25e6a5c7b1371396bd3 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:12:08 +0200
Subject: [PATCH 09/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index ba54138e1b..62ea172629 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -48,7 +48,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
- * Add the required anti-forgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
+ * Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
The code snippets below assume that the application name is `BlazorAppName`.
From 5c75c5b44c87d3f78df3e32b206269fff9bdbee9 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:14:38 +0200
Subject: [PATCH 10/19] Update components/upload/events.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
components/upload/events.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/upload/events.md b/components/upload/events.md
index 4adc148d67..f5cabc0d74 100644
--- a/components/upload/events.md
+++ b/components/upload/events.md
@@ -416,7 +416,7 @@ If you cancel the event, the file upload will not start. If `AutoUpload="false"`
Use the `OnUpload` and [`OnRemove`](#onremove) event handlers to send additional custom data and request headers to the server, together with the file. For example, the data may be related to:
* Authentication
-* CSRF cross-site or [anti forgery tokens]({%slug upload-kb-validateantiforgerytoken%})
+* [CSRF/XSRF cross-site antiforgery tokens]({%slug upload-kb-validateantiforgerytoken%})
* Any metadata related to the app business logic
To send **cookies** with the upload request, set the [`WithCredentials` component parameter]({%slug upload-overview%}#upload-parameters) to `true`.
From f55d185cfc4a267568b13317f90a06ef5efbb460 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:15:07 +0200
Subject: [PATCH 11/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 62ea172629..8911eb2ab4 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -47,7 +47,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
- * Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required anti-forgery information.
+ * Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
* Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
The code snippets below assume that the application name is `BlazorAppName`.
From 775e0e200d4cd06fc634ce758774875d13832c11 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:19:08 +0200
Subject: [PATCH 12/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 8911eb2ab4..9e8f57ac32 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -39,7 +39,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Add `builder.Services.AddRazorPages();`
* Add `builder.Services.AddHttpContextAccessor();`
* (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
- * Verify that `app.UseAntiforgery();` is present
+ * Verify that `app.UseAntiforgery();` is present.
* Add `app.MapDefaultControllerRoute();` to configure routing
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
From 52015f930f279c18b478f8e06b88b35d335cf73c Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:19:25 +0200
Subject: [PATCH 13/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 9e8f57ac32..3108c9ac4e 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -40,7 +40,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
* Add `builder.Services.AddHttpContextAccessor();`
* (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
* Verify that `app.UseAntiforgery();` is present.
- * Add `app.MapDefaultControllerRoute();` to configure routing
+ * Add `app.MapDefaultControllerRoute();` to configure routing.
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
From 8d6bbc6f7583e22f64695b573adf52afb1595f52 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:19:38 +0200
Subject: [PATCH 14/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 3108c9ac4e..f84abf80a1 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -44,7 +44,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
- * Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method
+ * Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method.
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
From 3f4704ded8df1d34611a55d5e48bacdcb0bee968 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:20:35 +0200
Subject: [PATCH 15/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index f84abf80a1..58f792db29 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -45,7 +45,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. Decorate the controller class or specific action methods with `[ValidateAntiForgeryToken]`
1. Configure the Razor component, which contains the Telerik Blazor Upload:
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method.
- * Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method
+ * Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method.
* Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
* Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
From 500813f84a92d63ad0627a009c8e49b6faed3d71 Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:20:52 +0200
Subject: [PATCH 16/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 58f792db29..487d9bc56a 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -46,7 +46,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. Configure the Razor component, which contains the Telerik Blazor Upload:
* Inject `AntiforgeryStateProvider` to use its `GetAntiforgeryToken()` method.
* Inject `IAntiforgery` to use its `GetAndStoreTokens(httpContext)` method.
- * Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method
+ * Inject `IHttpContextAccessor` to use its `HttpContext` property in the `GetAndStoreTokens()` method.
* Execute `GetAndStoreTokens()` and/or `GetAntiforgeryToken()` in `OnInitialized` to obtain the required antiforgery information.
* Add the required antiforgery information in the Upload component's [`OnUpload` and `OnRemove` event handlers]({%slug upload-events%}).
From daf83f403aa89163e0890b953c87d332cd1f170d Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:28:13 +0200
Subject: [PATCH 17/19] Update
knowledge-base/upload-validateantiforgerytoken.md
Co-authored-by: Iva Stefanova Koevska-Atanasova
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index 487d9bc56a..cdc3fc05fa 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -38,7 +38,7 @@ Here are the suggested steps to configure .NET Core Blazor antiforgery validatio
1. Edit `Program.cs`:
* Add `builder.Services.AddRazorPages();`
* Add `builder.Services.AddHttpContextAccessor();`
- * (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`
+ * (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`.
* Verify that `app.UseAntiforgery();` is present.
* Add `app.MapDefaultControllerRoute();` to configure routing.
1. [Implement the `Save` and `Remove` controller methods]({%slug upload-overview%}#implement-controller-methods).
From 22e9ee3ea625990976ceebeaa1c4b50ad48c601d Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 19:59:56 +0200
Subject: [PATCH 18/19] Update
knowledge-base/upload-validateantiforgerytoken.md
---
knowledge-base/upload-validateantiforgerytoken.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index cdc3fc05fa..ebbc5fbb68 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -216,6 +216,9 @@ namespace BlazorAppName.Controllers
}
````
+
+## Disclaimer
+
> This article contains code snippets and suggestions that relate to general .NET programming and antiforgery setup of a Blazor application. The provided implementation is just an example and is strictly outside the Telerik support scope. The primary resource for antiforgery configuration is the Microsoft documentation. See [Blazor authentication and authorization](https://learn.microsoft.com/en-us/aspnet/core/blazor/security/).
From cb836410ca8638f7e9e4e7d4b7f7c1f6fabe522e Mon Sep 17 00:00:00 2001
From: Dimo Dimov <961014+dimodi@users.noreply.github.com>
Date: Tue, 16 Jan 2024 20:54:53 +0200
Subject: [PATCH 19/19] improve bullet point
---
knowledge-base/upload-validateantiforgerytoken.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/knowledge-base/upload-validateantiforgerytoken.md b/knowledge-base/upload-validateantiforgerytoken.md
index ebbc5fbb68..fb235e18db 100644
--- a/knowledge-base/upload-validateantiforgerytoken.md
+++ b/knowledge-base/upload-validateantiforgerytoken.md
@@ -35,7 +35,7 @@ This KB article answers the following questions:
Here are the suggested steps to configure .NET Core Blazor antiforgery validation and integrate it with the Telerik Upload component.
-1. Edit `Program.cs`:
+1. Add services and configurations to `Program.cs`:
* Add `builder.Services.AddRazorPages();`
* Add `builder.Services.AddHttpContextAccessor();`
* (optional) Add `builder.Services.AddAntiforgery()` with custom `HeaderName` or `FormFieldName`.