0

I have a project with laravel 5.2. There is another system in .net. What I want is to get login into laravel 5.2 from .net system. For that, I'm making ajax call from .net app to laravel app. But laravel app is throwing TokenMismatchException. I know I have to send csrf token in request. But how to send csrf token from .net app. If anyone knows the answer, it will be appreciated.

Here is my code.

.net app

$.ajax({
    type: 'POST',
    url: 'http://192.168.1.78/laravel-project/login',
    data: {
        email: 'xyz@xyz.com',
        password: 'pass'
    }
}).success(function (response) {
    response = $.parseJSON(response);
}).error(function () {
    alert('error');
});
Akshay Vaghasiya
  • 1,597
  • 9
  • 36
  • 60

2 Answers2

1

You can disable the csrf check on the login uri by editing the VerifyCsrfToken class of your Laravel app:

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'login/*', // Your route url here
    ];
}

This will make the ajax call to the login route vulnerable to csrf-attacks, but will solve your problem. See it as a workaround / quick fix.

What you really want to do, is to provide the login via an api-call. Since you are using another app to access the laravel app. This is what API's are meant to be used for.

Laravel routes are default handled by the web middleware group, which includes the VerifyCsrfToken class.

What you want to do is specify a new middleware group for you api-calls, which does not include any csrf-checks. I would consider using a package for this, e.g. https://github.com/tymondesigns/jwt-auth

henrik
  • 1,558
  • 3
  • 14
  • 29
0

If you need to send more information with javascript try this

  jQuery.support.cors = true;
    $.ajax({
        url: 'http://192.168.1.78/myproject/login',
        type: 'POST',
        dataType: dataType,
        data: data,
        crossDomain: true,
        cotentType: YOUR_CONTENT_TYPE,
        success: successCallback,
        error: errorCallback,
        beforeSend: function (xhr) {
            xhr.setRequestHeader('Authorization', SOMETHING.val());
        }
    });

To make this script right for your needs, you should read about CORS, crossDomain and xhr.setRequestHeader

You can also use Postman (Chrome extension)

xhr.setRequestHeader

Postman sample

EDIT: Did you read this? Token Mismatch Exception on Login (Laravel)

Regards,

Community
  • 1
  • 1
pix
  • 1,264
  • 19
  • 32
  • Above code is still throwing same error. And you have talked about CORS. For that, I have tried https://laracasts.com/discuss/channels/laravel/cros-access-control-allow-origin-not-in-the-headers – Akshay Vaghasiya Oct 11 '16 at 06:18
  • I have also tried http://stackoverflow.com/questions/34748981/laravel-5-2-cors-get-not-working-with-preflight-options – Akshay Vaghasiya Oct 11 '16 at 06:19
  • I adited my answer with a new link. – pix Oct 11 '16 at 06:29
  • thanx for refereence. In the link, there is a laravel app. But in my case, how .net app will get token and pass it to me?. – Akshay Vaghasiya Oct 11 '16 at 06:40
  • I did not use laravel, but I had to send tokens, JWT token, I used xhr.setRequestHeader('Authorization', TOKENVALUE); Do you know where your token is by now? in C#? If yes, use an hidden field to send the token value to the view, then read it with your JS code. – pix Oct 11 '16 at 06:51
  • exactly. I don't know where is my token in C#. can you suggest me how to get it? – Akshay Vaghasiya Oct 11 '16 at 07:51