lonix

Reputation: 21011

Rename ASP.NET Core's antiforgery cookie and maintain random part

ASP.NET Core's anti-forgery cookie name is .AspNetCore.Antiforgery.XXX where the last bit is random.

The cookie can be renamed like so:

builder.Services.AddAntiforgery(x => x.Cookie.Name = "Foo");

But that will produce a cookie named Foo rather than Foo.XXX.

The options object has a field AntiforgeryOptions.DefaultCookiePrefix. Unfortunately it's readonly.

What is the purpose of the random substring (and is it really random or some sort of key?), and how can I rename the cookie so it still has that substring?

Upvotes: 1

Views: 435

Answers (1)

Cristian Olaru

Reputation: 485

Solution for .NET 8:

Define the following class:

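using System.Runtime.CompilerServices;
using Microsoft.AspNetCore.Antiforgery;

internal class UnsafeAccessorClassAntiforgeryOptions
{
    // Returns a writable reference to the static readonly field AntiforgeryOptions.DefaultCookiePrefix.
    // The parameter is only used to identify the declaring type; its value is ignored.
    [UnsafeAccessor(UnsafeAccessorKind.StaticField, Name = "DefaultCookiePrefix")]
    public static extern ref string GetUnsafeStaticFieldDefaultCookiePrefix(AntiforgeryOptions obj);
}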

Then, in Program.cs, as the first line:

UnsafeAccessorClassAntiforgeryOptions.GetUnsafeStaticFieldDefaultCookiePrefix(new()) = ".AntiForgery.";

More info about UnsafeAccessorAttribute at:

https://medium.com/@malarsharmila/introduction-to-the-unsafeaccessorattribute-class-in-net-8-0-d3a55ec15762

Upvotes: 0
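
An alternative that gives the cookie a Foo.XXX name without writing to a readonly framework field, added here as an example and not code from either poster or from ASP.NET Core itself: it sets the cookie name through the options pipeline and computes the suffix from the data-protection application discriminator, so the name is stable per application rather than random. It assumes the default suffix is derived the same way (SHA-256 of the discriminator, first 8 bytes, base64url); the prefix "Foo." and the helper name CookieSuffix are hypothetical.

```csharp
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAntiforgery();

// Set the cookie name with DataProtectionOptions injected, so the suffix can be
// computed per application. No private or readonly framework state is touched.
builder.Services.AddOptions<AntiforgeryOptions>()
    .Configure<IOptions<DataProtectionOptions>>((antiforgery, dataProtection) =>
    {
        // Assumption: the discriminator identifies this application on the host;
        // it may be null if nothing has configured it.
        string discriminator = dataProtection.Value.ApplicationDiscriminator ?? string.Empty;
        antiforgery.Cookie.Name = "Foo." + CookieSuffix(discriminator);
    });

var app = builder.Build();

// Minimal endpoint that issues the antiforgery cookie so the name can be inspected.
app.MapGet("/", (HttpContext ctx, IAntiforgery antiforgery) =>
    antiforgery.GetAndStoreTokens(ctx).RequestToken);

app.Run();

// Hypothetical helper: a short, deterministic, cookie-safe suffix.
// The value is a truncated hash, not a secret and not random.
static string CookieSuffix(string applicationId)
{
    byte[] hash = SHA256.HashData(Encoding.UTF8.GetBytes(applicationId));
    return WebEncoders.Base64UrlEncode(hash, 0, 8);
}
```

Two applications with different discriminators get different cookie names, which keeps their antiforgery cookies from overwriting each other when they share a hostname.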
