Example #1
        /// <summary>
        /// Configures Web API: adds the ELMAH exception logger, then maps attribute routes,
        /// the constrained default API route and a catch-all route, in that order.
        /// </summary>
        /// <param name="config">The Web API configuration that receives the service and routes.</param>
        public static void Register(HttpConfiguration config)
        {
            // Exceptions reported through IExceptionLogger are handed to ELMAH.
            var exceptionLogger = new ElmahExceptionLogger();
            config.Services.Add(typeof(IExceptionLogger), exceptionLogger);

            // Attribute-routed actions are mapped ahead of the conventional routes.
            config.MapHttpAttributeRoutes();

            // Default route. The constraint limits {controller} to the names returned by
            // GetControllerNames(), so any other path falls through to the catch-all below.
            config.Routes.MapHttpRoute(
                "DefaultApi",
                "api/{controller}/{id}",
                new { controller = "Home", id = RouteParameter.Optional },
                new { controller = GetControllerNames() });

            // Catch-all: every path no earlier route matched goes to ErrorController.NotFound
            // so the 404 can be logged in ELMAH.
            // NOTE(review): scanner or crawler traffic then produces one log entry per
            // unmatched URL; confirm log retention and that the ELMAH viewer is access-restricted.
            config.Routes.MapHttpRoute(
                "NotFound",
                "{*path}",
                new { controller = "Error", action = "NotFound" });
        }
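        /// <summary>
        /// Records an exception reported by a client by wrapping it and passing it to the ELMAH logger.
        /// </summary>
        /// <param name="model">Client-supplied exception details. Everything in it is caller-controlled.</param>
        /// <returns>
        /// 204 No Content after the exception has been logged; 400 Bad Request when no model was bound.
        /// </returns>
        public IHttpActionResult Record(ClientExceptionModel model)
        {
            // A missing or unbindable request body leaves the model null; reject it here
            // instead of passing null into ClientException and the logger.
            if (model == null)
            {
                return StatusCode(HttpStatusCode.BadRequest);
            }

            // NOTE(review): the model content is written to the ELMAH log as supplied by the
            // client. Confirm that ClientException bounds field lengths, that the log viewer
            // encodes output, and that this endpoint is rate limited or authenticated.

            // Create the exception and exception context.
            // Catch block arguments: name, isTopLevel = true, callsHandler = false.
            var exception     = new ClientException(model);
            var catchBlock    = new ExceptionContextCatchBlock("catchBlock", true, false);
            var context       = new ExceptionContext(exception, catchBlock, Request);
            var loggerContext = new ExceptionLoggerContext(context);

            // Call elmah & log the exception
            var logger = new ElmahExceptionLogger();

            logger.Log(loggerContext);

            // Nothing to return to the client beyond the status code.
            return StatusCode(HttpStatusCode.NoContent);
        }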
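        /// <summary>
        /// Validates one anti-forgery cookie/token pair and reports the outcome as a boolean.
        /// </summary>
        /// <param name="cookie">The anti-forgery cookie state, or null to validate without a cookie value.</param>
        /// <param name="token">The anti-forgery token sent with the request.</param>
        /// <returns>true when AntiForgery.Validate accepts the pair; false when it throws.</returns>
        private static bool Validate(CookieState cookie, string token)
        {
            var cookieValue = cookie != null ? cookie.Value : null;

            try
            {
                AntiForgery.Validate(cookieValue, token);
            }
            catch (Exception ex)
            {
                // Do not write the raw cookie or token into the log: anti-forgery tokens are
                // secrets, and anyone able to read the ELMAH log could reuse a logged pair.
                // Presence and length are enough to diagnose a failed validation.
                var cookieSummary = cookieValue == null
                    ? "absent"
                    : string.Format("present, {0} chars", cookieValue.Length);
                var tokenSummary = token == null
                    ? "absent"
                    : string.Format("present, {0} chars", token.Length);

                ElmahExceptionLogger.DefaultLog(new Exception(
                                                    string.Format("Failed anti-forgery validation; cookie token {0}, request token {1}", cookieSummary, tokenSummary)
                                                    , ex));

                // Any failure, whatever its type, is treated as "not valid" (fail closed).
                return false;
            }

            return true;
        }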
        /// <summary>
        /// Authorization filter step that checks anti-forgery cookie/token pairs on the request.
        /// When at least one pair validates, the pipeline continues; otherwise the response is
        /// set to 403 Forbidden. Any exception raised during the check is logged and also
        /// results in 403 Forbidden.
        /// </summary>
        /// <param name="actionContext">The current action context; supplies the request and receives the response.</param>
        /// <param name="cancellationToken">Not used by this method.</param>
        /// <param name="continuation">Invoked to continue the pipeline when validation succeeds.</param>
        /// <returns>The continuation's task on success, otherwise a task wrapping the 403 response.</returns>
        public Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            try
            {
                var requestHeaders = actionContext.Request.Headers;

                // One entry per Cookie header value on the request, looked up by the anti-forgery cookie name.
                var antiForgeryCookies = requestHeaders.GetCookies()
                                         .ToList()
                                         .Select(header => header[AntiForgeryConfig.CookieName])
                                         .ToList();

                // An unexpected count is logged only; processing continues with whatever was found.
                if (antiForgeryCookies.Count != 1)
                {
                    var countMessage = string.Format("Expected single anti-forgery cookie state, but found {0}.", antiForgeryCookies.Count);
                    ElmahExceptionLogger.DefaultLog(new Exception(countMessage));
                }

                // The request token is read from a header named like the cookie. GetValues throws
                // when that header is absent, which is handled by the catch below (403).
                var headerTokens = requestHeaders.GetValues(AntiForgeryConfig.CookieName).ToList();

                // Every cookie is tried against every token; ToList() forces all pairs to be evaluated.
                var outcomes = antiForgeryCookies
                               .SelectMany(state => headerTokens.Select(candidate => Validate(state, candidate)))
                               .ToList();

                if (outcomes.All(passed => !passed))
                {
                    // Second pass: each token is validated again with no cookie at all.
                    // NOTE(review): confirm this fallback is intended. If AntiForgery is
                    // System.Web.Helpers.AntiForgery, a null cookie token is presumably rejected,
                    // which would make this pass a no-op apart from the extra log entries.
                    outcomes = headerTokens.Select(candidate => Validate(null, candidate)).ToList();

                    if (outcomes.All(passed => !passed))
                    {
                        var forbidden = new HttpResponseMessage
                        {
                            StatusCode     = HttpStatusCode.Forbidden,
                            RequestMessage = actionContext.ControllerContext.Request
                        };
                        actionContext.Response = forbidden;
                        return fromResult(actionContext.Response);
                    }
                }

                return continuation();
            }
            catch (Exception failure)
            {
                // Fail closed: a check that could not complete is treated like a failed check.
                ElmahExceptionLogger.DefaultLog(failure);

                var forbidden = new HttpResponseMessage
                {
                    StatusCode     = HttpStatusCode.Forbidden,
                    RequestMessage = actionContext.ControllerContext.Request
                };
                actionContext.Response = forbidden;
                return fromResult(actionContext.Response);
            }
        }