BlazorWeb antiforgery issue on SignInAsync.

[ssperoniGIT]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

The edit form already has AntiforgeryToken >.

Login with httpContext.SignInAsync, then logout with httpContext.SignOutAsync.
Then login again from same page.
I get the following msg:
'A valid antiforgery token was not provided with the request. Add an antiforgery token, or disable antiforgery validation for this endpoint.'

Expected Behavior

Be able to Login a second time from same page.

Steps To Reproduce

Project with minimal code;
https://github.com/ssperoniGIT/BlazorWeb-antiforgery-issue-on-login.

Exceptions (if any)

No response

.NET Version

8-rc.1

Anything else?

No response

[Kahbazi]

@ssperoniGIT I'm not 100% sure, but this might solve the problem.

Tokens should be refreshed after the user is authenticated by redirecting the user to a view or Razor Pages page.

https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-7.0#refresh-tokens-after-authentication-1

[ssperoniGIT]

I added a Razor Page to the Blazor-ssr project. However, I was unable to find a way to navigate to the Razor Page so could not test this. Perhaps someone could give us guidance on Blazor-ssr cookie authentication.

[javiercn]

This is caused by the implicit antiforgery middleware, you can use app.UseAntiforgery() after app.UseAuthentication() to workaround it. We are going to use #50818 to track it