After upgrading to either 15.3.0 or 15.3.1 from 15.2.3, the only Surface Controller methods post Login, which still work, are those marked IgnoreAntiforgeryToken.
We do implement somewhat bespoke Session management and do not use the Umbraco Database to store Members but this has been working up to this version.
How do you render the form?
There was a change to the default - If you don’t use the inbuilt helper make sure you’ve got the token there etc.
If you manually output the forgery token check if you should or not now (from memory if you use the inbuilt helper you shouldn’t output the token as it will duplicate and cause issues).
EDIT: Sorry - I realise my response isn’t a direct fix and a bit confusing but I just remember having issues with this and it being because in some places the code I inherited was manually outputting the antiforgery token and others it wasn’t and it caused issues on upgrade.
Hi Steve,
I generally am using the Html.BeginUmbracoForm structure. Indeed in the upgrade to .Net Core a couple of years ago I did have to remove all the ‘Html.AntiForgeryToken()’ bits but is that the only bit you mean?
Cheers,
George
Update - I have discovered that the ExternalLoginSignInAsync method is now called not only on login for my application but on every page load after the upgrade to 15.3.0. Still investigating the why but I am fairly certain this is the cause of the issues.
OK it is now seeming the real issue is actually memberManager IsLoggedIn() no longer returns true because of the changes in: V13: Fix members while using basic auth. (#18206) · umbraco/Umbraco-CMS@b4a9dc0 · GitHub
With our implementation using cookies auth it appears that it no longer works with the method so our solution will likely be to add an override on this back to the prior version. Might also try to add a distinguishing check of our own between member and backoffice if it looks like it is needed.