public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            var    queryParams      = context.Request.GetQueryNameValuePairs();
            string antiforgeryToken = null;

            foreach (var queryParam in queryParams)
            {
                if (queryParam.Key == "antiforgeryToken")
                {
                    antiforgeryToken = queryParam.Value;
                }
            }

            if (antiforgeryToken == null)
            {
                context.ErrorResult = new AuthenticationFailureResult(Strings.AntiforgeryTokenIsMissing, context.ActionContext.Request);
                return(Task.FromResult(0));
            }
            if (!Antiforgery.ValidateToken("antiforgeryTokenGet", antiforgeryToken))
            {
                context.ErrorResult = new AuthenticationFailureResult(Strings.AntiforgeryTokenIsMissing, context.ActionContext.Request);
                return(Task.FromResult(0));
            }

            return(Task.FromResult(antiforgeryToken));
        }
Example #2
0
        public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            var    serializedRequest = context.Request.Content.ReadAsStringAsync().Result;
            string antiforgeryToken  = Serialization.Deserialize <dynamic>(serializedRequest).antiforgeryToken;

            if (antiforgeryToken == null)
            {
                context.ErrorResult = new AuthenticationFailureResult(Strings.AntiforgeryTokenIsMissing, context.ActionContext.Request);
                return(Task.FromResult(0));
            }
            if (!Antiforgery.ValidateToken("antiforgeryTokenPost", antiforgeryToken))
            {
                context.ErrorResult = new AuthenticationFailureResult(Strings.AntiforgeryTokenIsMissing, context.ActionContext.Request);
                return(Task.FromResult(0));
            }

            return(Task.FromResult(antiforgeryToken));
        }