Ejemplo n.º 1
        /// <summary>
        /// Decides whether the anti-forgery token has to be validated for a call to <paramref name="methodInfo"/>.
        /// </summary>
        /// <remarks>
        /// The rules are checked in order and the first match wins:
        /// 1. validation is switched off in the configuration: false;
        /// 2. ValidateAntiForgeryTokenAttribute on the method (inherited attributes included): true;
        /// 3. DisableAntiForgeryTokenValidationAttribute found by ReflectionHelper: false;
        /// 4. the HTTP verb is listed in IgnoredHttpVerbs: false;
        /// 5. ValidateAntiForgeryTokenAttribute on the declaring type (inherited attributes included): true;
        /// 6. otherwise <paramref name="defaultValue"/>.
        /// NOTE(review): rule 4 is evaluated before rule 5, so a class-level validate attribute does not
        /// force validation for an ignored verb. A state-changing action reachable through an ignored
        /// verb needs the attribute on the method itself.
        /// </remarks>
        /// <param name="manager">Extension receiver; not read by this method.</param>
        /// <param name="antiForgeryWebConfiguration">Supplies the global switch and the ignored verbs.</param>
        /// <param name="methodInfo">The action method about to be invoked.</param>
        /// <param name="httpVerb">HTTP verb of the current request.</param>
        /// <param name="defaultValue">Result when no rule applies.</param>
        /// <returns>true when the token must be validated, false when validation is skipped.</returns>
        public static bool ShouldValidate(this IInfrastructureAntiForgeryManager manager, IAntiForgeryWebConfiguration antiForgeryWebConfiguration, MethodInfo methodInfo, HttpVerb httpVerb, bool defaultValue)
        {
            // Global kill switch: nothing is validated while the feature is disabled.
            if (!antiForgeryWebConfiguration.IsEnabled)
            {
                return false;
            }

            var validateAttributeType = typeof(ValidateAntiForgeryTokenAttribute);

            // An explicit opt-in on the method beats every later rule.
            if (methodInfo.IsDefined(validateAttributeType, true))
            {
                return true;
            }

            // Explicit opt-out. Judging by the helper's name it looks at the member and then at its
            // declaring type; confirm against ReflectionHelper.
            var disableAttribute = ReflectionHelper.GetSingleAttributeOfMemberOrDeclaringTypeOrDefault <DisableAntiForgeryTokenValidationAttribute>(methodInfo);
            if (disableAttribute != null)
            {
                return false;
            }

            // Verbs the configuration exempts from validation.
            if (antiForgeryWebConfiguration.IgnoredHttpVerbs.Contains(httpVerb))
            {
                return false;
            }

            // Opt-in declared on the type that owns the method.
            var declaringType = methodInfo.DeclaringType;
            if (declaringType != null && declaringType.IsDefined(validateAttributeType, true))
            {
                return true;
            }

            return defaultValue;
        }
Ejemplo n.º 2
 /// <summary>
 /// Creates the MVC anti-forgery filter from its injected dependencies.
 /// </summary>
 /// <param name="AntiForgeryManager">Anti-forgery manager stored for later use by the filter.</param>
 /// <param name="mvcConfiguration">MVC configuration stored for later use by the filter.</param>
 /// <param name="antiForgeryWebConfiguration">Anti-forgery web configuration stored for later use by the filter.</param>
 public AntiForgeryMvcFilter(IInfrastructureAntiForgeryManager AntiForgeryManager, IMvcConfiguration mvcConfiguration, IAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     // Logger starts as NullLogger.Instance.
     // NOTE(review): presumably a no-op logger; confirm a real logger is assigned in production
     // so that rejected anti-forgery checks leave an audit trail.
     Logger = NullLogger.Instance;

     _antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     _mvcConfiguration = mvcConfiguration;
     _AntiForgeryManager = AntiForgeryManager;
 }
Ejemplo n.º 3
 /// <summary>
 /// Adds a freshly generated anti-forgery token to the response as a cookie.
 /// </summary>
 /// <param name="manager">Supplies the cookie name (Configuration.TokenCookieName) and the token (GenerateToken).</param>
 /// <param name="context">HTTP context whose response receives the cookie.</param>
 /// <param name="identity">
 /// Optional identity. When given, context.User is overwritten with a ClaimsPrincipal built from it
 /// before the token is generated (presumably so the token is issued for that identity; confirm
 /// against GenerateToken).
 /// </param>
 public static void SetCookie(this IInfrastructureAntiForgeryManager manager, HttpContextBase context, IIdentity identity = null)
 {
     if (identity != null)
     {
         context.User = new ClaimsPrincipal(identity);
     }

     // The cookie carries only a name and a value; every other attribute keeps the HttpCookie default.
     // NOTE(review): consider setting Secure on HTTPS-only sites. HttpOnly probably has to stay off
     // if client script copies the token into the request header or form field; confirm.
     var responseCookies = context.Response.Cookies;
     var tokenCookie = new HttpCookie(manager.Configuration.TokenCookieName, manager.GenerateToken());
     responseCookies.Add(tokenCookie);
 }
 /// <summary>
 /// Creates the Web API anti-forgery filter from its injected dependencies.
 /// </summary>
 /// <param name="InfrastructureAntiForgeryManager">Anti-forgery manager stored for later use by the filter.</param>
 /// <param name="webApiConfiguration">Web API configuration stored for later use by the filter.</param>
 /// <param name="antiForgeryWebConfiguration">Anti-forgery web configuration stored for later use by the filter.</param>
 public InfrastructureAntiForgeryApiFilter(
     IInfrastructureAntiForgeryManager InfrastructureAntiForgeryManager,
     IInfrastructureWebApiConfiguration webApiConfiguration,
     IAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     // Logger starts as NullLogger.Instance.
     // NOTE(review): presumably a no-op logger; confirm a real logger is assigned in production
     // so that rejected anti-forgery checks leave an audit trail.
     Logger = NullLogger.Instance;

     _antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     _webApiConfiguration = webApiConfiguration;
     _InfrastructureAntiForgeryManager = InfrastructureAntiForgeryManager;
 }
        /// <summary>
        /// Reads the anti-forgery token cookie from the request headers.
        /// </summary>
        /// <param name="manager">Supplies the cookie name through Configuration.TokenCookieName.</param>
        /// <param name="headers">Request headers to search.</param>
        /// <returns>
        /// The value of the token cookie, or null when the request carries no cookie of that name.
        /// When several matching cookie headers are present, the last one is used.
        /// </returns>
        private static string GetCookieValue(IInfrastructureAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var lastTokenCookie = headers.GetCookies(manager.Configuration.TokenCookieName).LastOrDefault();

            // The null-conditional indexer short-circuits to null when no cookie was found.
            return lastTokenCookie?[manager.Configuration.TokenCookieName].Value;
        }
        /// <summary>
        /// Reads the anti-forgery token from the request header named by Configuration.TokenHeaderName.
        /// </summary>
        /// <param name="manager">Supplies the header name.</param>
        /// <param name="headers">Request headers to search.</param>
        /// <returns>
        /// null when the header is missing or has no values. Otherwise the last header value is split
        /// on ", " and its last segment is returned, so the final token wins when several were sent.
        /// </returns>
        private static string GetHeaderValue(IInfrastructureAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            IEnumerable <string> rawValues;

            var headerPresent = headers.TryGetValues(manager.Configuration.TokenHeaderName, out rawValues);
            if (!headerPresent)
            {
                return null;
            }

            // Materialise once so the sequence is not enumerated twice.
            var values = rawValues.ToArray();
            if (values.Length == 0)
            {
                return null;
            }

            var lastValue = values[values.Length - 1];
            return lastValue.Split(", ").Last();
        }
        /// <summary>
        /// Checks the anti-forgery token of a Web API request by comparing the token cookie with the
        /// token header.
        /// </summary>
        /// <remarks>
        /// A request without a token cookie is treated as valid: the check is skipped, not failed.
        /// NOTE(review): this fails open. It is safe only if every session that can perform a
        /// state-changing call has been issued the token cookie; confirm against the code that
        /// calls SetCookie.
        /// </remarks>
        /// <param name="manager">Supplies the configuration and is resolved as IAntiForgeryValidator for the comparison.</param>
        /// <param name="headers">Headers of the incoming request.</param>
        /// <returns>
        /// true when there is no token cookie, or when the validator accepts the cookie/header pair;
        /// false when the cookie is present but the header token is missing or rejected.
        /// </returns>
        public static bool IsValid(this IInfrastructureAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var tokenFromCookie = GetCookieValue(manager, headers);
            if (tokenFromCookie.IsNullOrEmpty())
            {
                // No cookie: validation is skipped (see remarks).
                return true;
            }

            var tokenFromHeader = GetHeaderValue(manager, headers);
            if (tokenFromHeader.IsNullOrEmpty())
            {
                // The cookie is present but the request did not echo the token back.
                return false;
            }

            var validator = manager.As <IAntiForgeryValidator>();
            return validator.IsValid(tokenFromCookie, tokenFromHeader);
        }
Ejemplo n.º 8
        /// <summary>
        /// Checks the anti-forgery token of an MVC request by comparing the token cookie with the
        /// value returned by Configuration.GetFormOrHeaderValue.
        /// </summary>
        /// <remarks>
        /// A request without a token cookie is treated as valid: the check is skipped, not failed.
        /// NOTE(review): this fails open. It is safe only if every session that can perform a
        /// state-changing call has been issued the token cookie; confirm against the code that
        /// calls SetCookie.
        /// </remarks>
        /// <param name="manager">Supplies the configuration and is resolved as IAntiForgeryValidator for the comparison.</param>
        /// <param name="context">HTTP context of the incoming request.</param>
        /// <returns>
        /// true when there is no token cookie, or when the validator accepts the pair;
        /// false when the cookie is present but the form/header token is missing or rejected.
        /// </returns>
        public static bool IsValid(this IInfrastructureAntiForgeryManager manager, HttpContextBase context)
        {
            var tokenFromCookie = GetCookieValue(context);
            if (tokenFromCookie.IsNullOrEmpty())
            {
                // No cookie: validation is skipped (see remarks).
                return true;
            }

            var tokenFromRequest = manager.Configuration.GetFormOrHeaderValue(context);
            if (tokenFromRequest.IsNullOrEmpty())
            {
                // The cookie is present but the request did not echo the token back.
                return false;
            }

            var validator = manager.As <IAntiForgeryValidator>();
            return validator.IsValid(tokenFromCookie, tokenFromRequest);
        }
 /// <summary>
 /// Adds a freshly generated anti-forgery token to the response headers as a cookie.
 /// </summary>
 /// <param name="manager">Supplies the cookie name (Configuration.TokenCookieName) and the token (GenerateToken).</param>
 /// <param name="headers">Response headers that receive the cookie.</param>
 public static void SetCookie(this IInfrastructureAntiForgeryManager manager, HttpResponseHeaders headers)
 {
     // Only a name and a value are supplied; every other cookie attribute keeps its default.
     // NOTE(review): consider marking the cookie Secure on HTTPS-only deployments; confirm what
     // the headers.SetCookie helper emits.
     var cookieName = manager.Configuration.TokenCookieName;
     var token = manager.GenerateToken();
     headers.SetCookie(new Cookie(cookieName, token));
 }