ASP.NET Core 9: File Upload using APIs with IFormFile and Anti-Forgery Token

-

In this micro article, we will be discussing the important change in File Upload feature in ASP.NET Core 9 for IFormFile. I have already written an article for File upload using Minimal APIs on this link. This article is an enhancement in that article. In ASP.NET Core 9, a strict anti-forgery validation for file uploads for IFormFile. While using Minimal APIs endpoints, for file upload using IFormFile or IFormFileCollection, we need to pass an Anti-Forgery token into the HTTP request header. This token will be validated before completing the file upload operations.  

The Minimal API must use the Anti Forgery Token Service as well as the Anti Forgery Token Middleware else the exception will be thrown. The reason behind the change is for the security precaution for the API that consumes data posted form the form. Although we can disable the Anti Forgery token it is not recommended, please avoid it for the production. 

In the Minimal API project created with ASP.NET Core 9, in Program.cs we can add the endpoint for creating Minimal API as shown in code in Listing 1:


app.MapGet("/antiforgery-token", (IAntiforgery antiforgery, HttpContext context) =>
{
    var tokens = antiforgery.GetAndStoreTokens(context);
    return Results.Ok(new { token = tokens.RequestToken });
});

Listing 1: The Minimal API Endpoint for receiving Minimal Token

The code on Listing 1 shows the endpoint that has the Input parameter as IAntiForgery. This interface provides an access to the anti-forgery system that helps to protect against CSRF attacks. The method GetAndStoreTokens(HttpContext) is used to generate an anti-forgery token set and store the cookie token in the response.  There are several other methods defined in this interface. 

Let's add a new Minimal API endpoint to upload the file as shown in Listing 2. 


app.MapPost("/upload", async (IFormFile receivedFile) =>
{
    // Read the folder where the file is to be saved
    var folder = Path.Combine(Directory.GetCurrentDirectory(), "files");
    // REad the Uploaded File Name
    var postedFileName = ContentDispositionHeaderValue
        .Parse(receivedFile.ContentDisposition)
        .FileName.Trim('"');

    // set the file path as FolderName/FileName
    var finalPath = Path.Combine(folder, postedFileName);
    using var fs = File.OpenWrite(finalPath);
        
    await receivedFile.CopyToAsync(fs);
        
});

Listing 2: Endpoint to upload file

Modify the Program.cs by adding Anti-Forgery service and middleware as shown in Listing 3.

.......

builder.Services.AddAntiforgery();

........................
......................
..........................
app.UseAntiforgery(); 

YOUR ENDPOINTS HERE


Listing 3: The Anti-Forgery Service and Middleware

 

Run the application and test it in the Advanced REST Client or in Postman. As shown in the Figure 1, get the Anti-Forgery token:



Figure 1: Get Anti-Forgery Token

 As shown in the Figure 2, send the Anti-Forgery Token in the HTTP Request Header.



Figure 2: Send the Token in the Header of the POST request

This token will be validated by issuer.  Complete the POST request for file upload as shown in Figure 3.



Figure 3: File Upload

Make sure that the Name parameter matches with the name of the IFormFile file parameter passed to the upload endpoint.  In our case it is receivedFile.    


Once the Anti-Forgery token is added the file can be uploaded successfully.

   


Popular posts from this blog

Uploading Excel File to ASP.NET Core 6 application to save data from Excel to SQL Server Database

-
Image
Recently, while conducting a session on ASP.NET Core 6, my client raised a query regarding uploading excel files to the ASP.NET Core MVC application and then further saving data from excel to the SQL Server Database table. I gave him the solution and then thought to write a post on it. As we all know, the Excel Workbook is one of the most heavily used files to save data. But to persist data it is recommended that it should be stored in an SQL Server database.  If the data is stored in an SQL Server database it can be queried easily.  Figure 1, explains an implementation of the application which we are going to discuss in the article. Figure 1: The ASP.NET Core That accepts Excel files and then further store data from Excel Files in SQL Server Database The   ExcelDataReader.DataSet Library To read excel files in ASP.NET Core applications, we need to use the ExcelDataReader.DataSet package. This is a lightweight and fast library for reading Excel files in .NET applications....
Read more

ASP.NET Core 6: Downloading Files from the Server

-
Image
In this article, we will implement the file downloading feature using ASP.NET Core 6 application. In real-world applications, we can have various files like reports, spreadsheets, images, PDF documents stored on the server. (Note that all cloud-hosted applications prefer to store these files on the storage services, e.g. Blob, S3, etc.). But what if the client prefers to store files on the separate file server mapped to the web application host server? Then, in that case, we may need to download these files from the file server. In this article, we will implement exactly the same thing.   Step 1: Open Visual Studio 2022 and create a new ASP.NET Core MVC Application targetted to .NET 6. Name this application as Core6_FileDownload. In this project add a new folder and name it as ServerFiles. In this file add some images. (You can add Excel, PDF, Word, Files). Step 2: Since we need to read the ServerFiles folder using the ASP.NET Core application, we need to add the IFi...
Read more

ASP.NET Core 6: Using Entity Framework Core with Oracle Database with Code-First Approach

-
Image
In this article, we will see how to use Oracle Database with Entity Framework Core with Code-First Approach. The reason behind writing a post on this is, recently while conducting training, one of my students raised the query regarding the EF Core with Oracle. Since Oracle is one of the most powerful databases, various enterprise applications are using it for the past several years and since the .NET Core is the most popular technology for building modern apps, the scenarios for accessing the Oracle database in .NET Core apps the use Entity Framework Core is common. Oracle Data Provider for .NET Entity Framework Core The Oracle Data Provider for .NET i.e. ODP.NET is used to access data from the Oracle database in the .NET Core apps using Entity Framework Core. This uses the Oracle.EntityFrameworkCore.dll, a managed library. This data provider allows using Code-First and Database-First approaches to perform Read/Write Operations with Oracle database.    Implementation To implem...
Read more