.Net Core Forgery Token Validation in JSON

Posted 2019-08-21 07:48

Question:

As the title defined, I want to validate my "FORM" HTTP requests using [ValidateAntiForgeryToken]. The thing is, I am trying to send raw data as application/json using Postman. If I just send the __RequestVerificationToken value as form-data, it works. But I don't think we can send POST requests as "raw" and "form-data" at the same time.

So, what should I do?

Controller:

[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult PhoneBook([FromBody]PersonnelFilterReq filterList)
{
    return Ok("FINALLY WORKED!!!!");
}

Model (used in POST method):

using System.Collections.Generic;

namespace GebzeShared.Modules.HR.Personnel.RequestModels
{
    /// <summary>
    /// General request method for the personnel pages
    /// </summary>
    public class PersonnelFilterReq
    {
        /// <summary>
        /// Search value
        /// </summary>
        public string SearchValue { get; set; }

        /// <summary>
        /// Filter list
        /// </summary>
        public ICollection<FilterList> Filter { get; set; }

        /// <summary>
        /// 
        /// </summary>
        public int TotalCount { get; set; }

        /// <summary>
        /// 
        /// </summary>
        public int PageNumber { get; set; }

        /// <summary>
        /// 
        /// </summary>
        public string OrderColumn { get; set; }
    }

    /// <summary>
    /// 
    /// </summary>
    public class FilterList
    {
        /// <summary>
        /// Name of the filter
        /// </summary>
        public string FilterName { get; set; }

        /// <summary>
        /// Value of the filter
        /// </summary>
        public ICollection<string> FilterValue { get; set; }
    }
}

Sent JSON "raw" data:

{
    "SearchValue": "ShiroiTora",
    "Filter": [
        {
            "FilterName": "DepartmentIdList",
            "FilterValue": [
                "1",
                "2",
                "3"
            ]
        }
    ],
    "TotalCount": "1000",
    "PageNumber": "1",
    "OrderColumn": "Name"
},
//{
//  "__RequestVerificationToken": "*some_token_here"
//}

Sent "form-data":