Unable to customize .net core CSRF Cookie Path


In order to be compliant with a security audit, we need to change the path of the cookies created in our ASP.NET Core website on .NET Core 1.1.

As per my understanding, the Antiforgery middleware is automatically injected on using .AddMvc(). I am trying to override the cookie path by using the below code in Startup.cs:

services.AddAntiforgery(options =>
{
    options.CookieDomain = "somedefaultName.com";
    options.CookieName = "X-CSRF-TOKEN-COOKIENAME";
    options.CookiePath = "/Path";
    options.FormFieldName = "AntiforgeryFieldname";
    options.HeaderName = "X-CSRF-TOKEN-HEADERNAME";
    options.RequireSsl = false;
    options.SuppressXFrameOptionsHeader = false;
});

But I am getting the below error on login to the application. The method is decorated with [ValidateAntiForgeryToken].

info: Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter[1]
      Antiforgery token validation failed. The required antiforgery cookie "X-CSRF-TOKEN-COOKIENAME" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie "X-CSRF-TOKEN-COOKIENAME" is not present

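One check for the error above, as an added example that is not part of the original question: browsers attach a cookie only to requests whose host and path fall inside its Domain and Path (RFC 6265), so the sketch below tests the question's option values against request URLs. The hosts and routes are constructed, since the site's real URLs are not on the page, and `secure: false` assumes `RequireSsl = false` leaves the Secure flag off.

```javascript
// Added example: RFC 6265 cookie scoping applied to the options in the question.
// The request URLs are constructed samples; the site's real URLs are not on the page.

// RFC 6265 5.1.3: the host must equal the cookie domain or be a subdomain of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIpLiteral = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIpLiteral && h.endsWith("." + d);
}

// RFC 6265 5.1.4: case-sensitive prefix match that must end on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns whether a browser would attach the cookie, and why not if it would not.
function wouldSendCookie(requestUrl, cookie) {
  const url = new URL(requestUrl);
  const reasons = [];
  if (!domainMatches(url.hostname, cookie.domain)) {
    reasons.push(`host "${url.hostname}" is outside Domain=${cookie.domain}`);
  }
  if (!pathMatches(url.pathname, cookie.path)) {
    reasons.push(`path "${url.pathname}" is outside Path=${cookie.path}`);
  }
  if (cookie.secure && url.protocol !== "https:") {
    reasons.push("Secure cookie is not sent over plain HTTP");
  }
  return { sent: reasons.length === 0, reasons };
}

// Values copied from the question's AddAntiforgery options (secure: assumption).
const antiforgeryCookie = { domain: "somedefaultName.com", path: "/Path", secure: false };

// Constructed request URLs (hypothetical hosts and routes).
const sampleRequests = [
  "http://localhost:5000/Account/Login",
  "http://app.somedefaultname.com/Account/Login",
  "http://app.somedefaultname.com/path/Account/Login",
  "http://app.somedefaultname.com/Path/Account/Login",
];
for (const u of sampleRequests) {
  const r = wouldSendCookie(u, antiforgeryCookie);
  console.log(r.sent ? "sent    " : "withheld", u, r.reasons.join("; "));
}
```

A response that sets a Domain the serving host does not domain-match is also discarded by the browser at set time, so the same `domainMatches` check applies to the page that issues the token.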