locked
CSRF tokens

    Question

  • Hi, I am writing a windows store/phone app (Universal app) which inturn calls another applications API that is hosted by some external site - say www.external.com. When i allow the user to login from the windows app and the login request is made to external.com, i get invalid csrf token error. The error makes sense but i am not sure how to allow origin or tell the external site to trust this app's call. Is there an example that i can follow? In asp.net i believe there is Antiforgery api but i am not sure of one in windows store apps.

    Thanks

    Thursday, November 27, 2014 10:45 PM

All replies

  • There is no antiforgery api in store app. If you need this feature, you can ask if on UserVoice. https://wpdev.uservoice.com/forums/110705-dev-platform. 
    Friday, November 28, 2014 2:23 PM
  • So with what we have in Universal app, how do i call another API by generating valid tokens? Any examples out there?

    Saturday, November 29, 2014 9:24 PM
  • Hi Krithiga,

    How did you connect to the web site in the universal app? Web service, REST or any other methods? Base on my knowledge, CSRF token error indicates the server need something to authenticate the request. The service of “www.external.com” must expose some APIs, you should check this by yourself.

    Please feel free to let me know if you have any concerns.

    Regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Tuesday, December 2, 2014 6:54 AM
    Moderator