Problem

I was investigating scaffolding out a basic CRUD web application using EF Core with Razor Pages and came across a problem which was very strange. I was following the tutorial at https://docs.microsoft.com/en-us/aspnet/core/data/ef-rp/intro, using the Visual Studio based instructions.

I was able to create my data model OK. I was able to scaffold out the base pages using the specified data model and DbContext fine. I ran the application up and was able to access the generated pages OK. However, when I went to create a new entity I kept getting an error with no log information. Looking at the developer tool bar information, all I got was error 400 with no information.

I was a bit stumped, so what was the problem?

Solution

On searching for the problem I came across a page explaining Request Verification - https://www.learnrazorpages.com/security/request-verification - which my spidey sense thought was related. As part of my debugging process I looked at “opting out” of the verification requests as explained in the blog post to try and rule it out. On configuring the filter to ignore the verification token using IgnoreAntiforgeryTokenAttribute I was able to execute saving and editing records without issue so I knew it was related.

I removed the filter as Antiforgery token processing is important for security so I wanted to make sure that it was turned back on.

So what was the next step?

Anti forgery token processing uses cookies, so that was my next port of call.

On opening the Chrome dev tool bar and navigating to the cookies section I found what I think was the problem. As I was running the ASP.NET Core application on the default host and port combination, localhost and 5000/5001, there were a large number of cookies left over from other applications being run, and included in the list were multiple anti forgery based cookies which had expired. On removing all the cookies and restarting the application it worked perfectly.
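A way to see why a POST is being rejected with a 400 while leaving request verification switched on, as an added example that is not part of the original post. It assumes a Startup-style ASP.NET Core 3.1+ Razor Pages project; the cookie name "CrudDemo.Antiforgery" and the log message are placeholders chosen for illustration.

```csharp
// Added example, not code from the original post or the tutorial it follows.
// Assumption: Startup-based ASP.NET Core 3.1+ Razor Pages project.
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddRazorPages();
        // Placeholder name: a fixed, recognisable cookie name makes this app's
        // token cookie easy to pick out among leftovers from other localhost apps.
        services.AddAntiforgery(o => o.Cookie.Name = "CrudDemo.Antiforgery");
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Diagnostic only: the Razor Pages filter still enforces the token.
            // This pre-check just records the reason behind the bare 400.
            app.Use(async (context, next) =>
            {
                if (HttpMethods.IsPost(context.Request.Method))
                {
                    var antiforgery = context.RequestServices.GetRequiredService<IAntiforgery>();
                    var logger = context.RequestServices.GetRequiredService<ILogger<Startup>>();
                    try
                    {
                        await antiforgery.ValidateRequestAsync(context);
                    }
                    catch (AntiforgeryValidationException ex)
                    {
                        // Log cookie names only, never their values.
                        logger.LogWarning(ex, "Antiforgery check failed for {Path}; cookies sent: {Names}",
                            context.Request.Path, string.Join(", ", context.Request.Cookies.Keys));
                    }
                }
                await next();
            });
        }
        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapRazorPages());
    }
}
```

The warning carries the exception message from the antiforgery service together with the names of every cookie the browser sent, so stale entries on the shared localhost origin show up in the console output.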

Conclusion

In this post we have seen that security is important and, actually, when it comes to anti forgery tokens and the associated cookies, it breaks when you want it to. I’ve not done any front end development in a few years so it took a bit longer to diagnose, but I got there in the end.

Any questions/comments then please contact me on Twitter @WestDiscGolf