I’m working on an Umbraco site with member authentication, and I’ve run into an issue: when a member’s session times out and they try to submit a form, the page doesn’t redirect them to the login page. Instead, it just shows a 500 error, and logs Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The provided antiforgery token was meant for a different claims-based user than the current user.
Is there a recommended way in Umbraco to automatically redirect members to the login page if their session has expired and then back to the form? Any guidance or best practices would be appreciated!
Without seeing any code it’s hard to say. My guess would be that the surface controller you are posting back to is not “protected”. Are you decorating your endpoint with the [UmbracoMemberAuthorize] attribute? If not, that should do it. However, it may not redirect you correctly; if not, you can set an unauthorized page by configuring your access denied path via CookieOptions like this:
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

namespace YOURPROJECTNAME.Core.Configuration
{
    public class ConfigureCustomMemberCookieOptions : IConfigureNamedOptions<CookieAuthenticationOptions>
    {
        // Called once per named cookie scheme; only touch the Identity schemes.
        public void Configure(string name, CookieAuthenticationOptions options)
        {
            if (name == IdentityConstants.ApplicationScheme || name == IdentityConstants.ExternalScheme)
            {
                Configure(options);
            }
        }

        // Send access-denied responses to the member login page.
        public void Configure(CookieAuthenticationOptions options)
        {
            options.AccessDeniedPath = "/account/login";
        }
    }
}
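An added example, not code from either poster or from Umbraco: one way to turn the logged AntiforgeryValidationException into a login redirect only when the member is no longer authenticated, so a token mismatch for a signed-in user still surfaces as an error. The middleware name, the `returnUrl` query key and its place in the pipeline are assumptions; `/account/login` is the path from the answer above.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.WebUtilities;

namespace YOURPROJECTNAME.Core.Middleware
{
    // Hypothetical middleware, registered with
    // app.UseMiddleware<ExpiredSessionAntiforgeryMiddleware>() before the
    // Umbraco endpoints and after any exception-handler middleware.
    public class ExpiredSessionAntiforgeryMiddleware
    {
        private const string LoginPath = "/account/login"; // path from the answer above
        private const string ReturnUrlKey = "returnUrl";   // assumed query-string name

        private readonly RequestDelegate _next;

        public ExpiredSessionAntiforgeryMiddleware(RequestDelegate next) => _next = next;

        public async Task InvokeAsync(HttpContext context)
        {
            try
            {
                await _next(context);
            }
            // Only the expired-session case is handled: the token was issued
            // to a signed-in member and the request is now anonymous.
            // Any other antiforgery failure propagates unchanged.
            catch (AntiforgeryValidationException)
                when (!context.Response.HasStarted
                      && context.User.Identity?.IsAuthenticated != true)
            {
                // Built from the current request only, so the return target is
                // always a local path and never a caller-supplied absolute URL.
                string returnUrl = context.Request.PathBase
                                   + context.Request.Path
                                   + context.Request.QueryString;

                // AddQueryString URL-encodes the value. The browser follows
                // the redirect with GET, so the posted form body is not replayed.
                context.Response.Redirect(
                    QueryHelpers.AddQueryString(LoginPath, ReturnUrlKey, returnUrl));
            }
        }
    }
}
```

The login action that consumes `returnUrl` should still check it with `Url.IsLocalUrl` before redirecting back, since the query string can be edited by the client.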