/// <summary>
/// Authentication-filter step that requires an antiforgery token in the query string
/// (parameter name <c>antiforgeryToken</c>) and checks it with
/// <c>Antiforgery.ValidateToken("antiforgeryTokenGet", ...)</c>.
/// </summary>
/// <param name="context">Filter context; <c>ErrorResult</c> is set when the token is absent or rejected.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <returns>
/// An already-completed task. On success neither <c>ErrorResult</c> nor <c>Principal</c> is modified.
/// </returns>
/// <remarks>
/// NOTE(review): the token travels in the URL, and URLs are commonly recorded in server and
/// proxy logs, browser history and Referer headers. Confirm the token is short-lived or bound
/// to the session, or consider carrying it in a request header instead.
/// </remarks>
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            string antiforgeryToken = null;

            // Case-sensitive key match; when the parameter is repeated the last occurrence wins.
            foreach (var pair in context.Request.GetQueryNameValuePairs())
            {
                if (pair.Key == "antiforgeryToken")
                {
                    antiforgeryToken = pair.Value;
                }
            }

            // Short-circuit keeps ValidateToken from ever being called with a null token.
            bool tokenAccepted = antiforgeryToken != null
                                 && Antiforgery.ValidateToken("antiforgeryTokenGet", antiforgeryToken);

            if (!tokenAccepted)
            {
                // A missing token and a rejected token produce the same failure message, so the
                // caller cannot tell the two apart. NOTE(review): server-side logs cannot either,
                // unless ValidateToken logs on its own - confirm.
                context.ErrorResult = new AuthenticationFailureResult(Strings.AntiforgeryTokenIsMissing, context.ActionContext.Request);
                return Task.FromResult(0);
            }

            // The declared return type is the non-generic Task, so the token placed in the
            // task result is not visible to callers through this signature.
            return Task.FromResult(antiforgeryToken);
        }
Example #2
        /// <summary>
        /// Returns the signed-in account's details together with a fresh antiforgery request token.
        /// </summary>
        /// <returns>
        /// <c>Unauthorized()</c> when no account is logged in; otherwise the result of
        /// <c>ModelState.GetJsonResultWithValidationErrors</c> for the populated view model.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the request token is handed to the client inside the response body.
        /// Confirm this response is not cached and cannot be read cross-origin (CORS policy),
        /// since anyone able to read it can pair the token with the user's cookies.
        /// </remarks>
        public async Task <IActionResult> Details()
        {
            var account = await AuthService.GetLoggedInAccountAsync(User);

            if (account == null)
            {
                return Unauthorized();
            }

            // Tokens are issued only after the caller is known to be signed in.
            var antiforgeryTokens = Antiforgery.GetAndStoreTokens(HttpContext);

            // First external-provider id that is populated decides the label.
            string accountType;
            if (!string.IsNullOrWhiteSpace(account.GitHubId))
            {
                accountType = "Github";
            }
            else if (!string.IsNullOrWhiteSpace(account.GoogleId))
            {
                accountType = "Google";
            }
            else if (!string.IsNullOrWhiteSpace(account.MicrosoftId))
            {
                accountType = "Microsoft";
            }
            else
            {
                accountType = "Unknown";
            }

            // Only a flag is exposed for the avatar, not the URL itself.
            bool hasAvatar = !string.IsNullOrWhiteSpace(account.AvatarUrl);

            var vm = new AuthDetailsViewModel()
            {
                LoggedInUser = new UserDetailsViewModel
                {
                    Id           = account.Id,
                    Name         = account.Name,
                    EmailAddress = account.EmailAddress,
                    XSRFToken    = antiforgeryTokens.RequestToken,
                    HasAvatarUrl = hasAvatar,
                    AccountType  = accountType
                }
            };

            return ModelState.GetJsonResultWithValidationErrors(vm);
        }
Example #3
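        /// <summary>
        /// Authentication-filter step that requires an antiforgery token in the request body
        /// (member <c>antiforgeryToken</c> of the deserialized payload) and checks it with
        /// <c>Antiforgery.ValidateToken("antiforgeryTokenPost", ...)</c>.
        /// </summary>
        /// <param name="context">Filter context; <c>ErrorResult</c> is set when the token is absent or rejected.</param>
        /// <param name="cancellationToken">Not used by this method.</param>
        /// <returns>
        /// A task that completes once the check is done. On success neither <c>ErrorResult</c>
        /// nor <c>Principal</c> is modified.
        /// </returns>
        /// <remarks>
        /// The body is untrusted input. A request without content, or one whose payload
        /// deserializes to null, is treated as "token missing" instead of faulting the pipeline.
        /// NOTE(review): what <c>Serialization.Deserialize</c> does with malformed input, or with a
        /// payload that lacks the member, is not visible here - confirm it cannot surface as an
        /// unhandled exception with details in the response.
        /// NOTE(review): assumes the request content is buffered so later model binding can
        /// read the body again - confirm for the hosting mode in use.
        /// </remarks>
        public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            string antiforgeryToken = null;

            if (context.Request.Content != null)
            {
                // Awaited instead of blocking on .Result: blocking on the read can deadlock under a
                // synchronization context and ties up a request thread. ConfigureAwait(false) is
                // deliberately not used, in case ValidateToken relies on the ambient request context.
                var serializedRequest = await context.Request.Content.ReadAsStringAsync();

                // Held as object so the null check is an ordinary reference test, not a dynamic call.
                object payload = Serialization.Deserialize <dynamic>(serializedRequest);
                if (payload != null)
                {
                    antiforgeryToken = ((dynamic)payload).antiforgeryToken;
                }
            }

            // Short-circuit keeps ValidateToken from ever being called with a null token.
            if (antiforgeryToken == null || !Antiforgery.ValidateToken("antiforgeryTokenPost", antiforgeryToken))
            {
                // A missing token and a rejected token produce the same failure message.
                context.ErrorResult = new AuthenticationFailureResult(Strings.AntiforgeryTokenIsMissing, context.ActionContext.Request);
                return;
            }

            // Success: nothing to record. The declared return type is the non-generic Task, so no
            // value (and in particular not the token) is carried in the task result.
        }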
Example #4
			/// <summary>
			/// Decides whether the current request passes the antiforgery check.
			/// </summary>
			/// <returns>
			/// <c>true</c> when checking is switched off (<c>Config.CheckToken</c> is false), when
			/// <c>IsPost()</c> is false, or when <c>IsApi()</c> is true; otherwise the result of
			/// <c>Antiforgery.IsRequestValidAsync(HttpContext)</c>.
			/// </returns>
			/// <remarks>
			/// This method only reports a verdict; the caller has to reject the request on <c>false</c>.
			/// NOTE(review): three paths skip validation entirely. Confirm that
			/// <c>Config.CheckToken</c> cannot be turned off in production, that requests for which
			/// <c>IsApi()</c> is true are not authenticated by cookies, and that state-changing
			/// methods other than POST (PUT, PATCH, DELETE) are validated elsewhere.
			/// </remarks>
			protected async Task<bool> ValidPost()
			{
				// Guards run in the same order as the original short-circuit chain.
				if (!Config.CheckToken)
				{
					return true;
				}

				if (!IsPost())
				{
					return true;
				}

				if (IsApi())
				{
					return true;
				}

				return await Antiforgery.IsRequestValidAsync(HttpContext);
			}