Example #1
        /// <summary>
        /// Decides whether the anti-forgery token has to be validated for a call to
        /// <paramref name="methodInfo"/> made with <paramref name="httpVerb"/>.
        /// </summary>
        /// <remarks>
        /// The rules are evaluated in this order and the first one that matches wins:
        /// 1. anti-forgery is disabled in the configuration: no validation;
        /// 2. the method itself carries ValidateCodeZeroAntiForgeryTokenAttribute: validate;
        /// 3. ReflectionHelper finds DisableCodeZeroAntiForgeryTokenValidationAttribute for the method
        ///    (member or declaring type, per the helper's name): no validation;
        /// 4. the verb is listed in IgnoredHttpVerbs: no validation;
        /// 5. the declaring type carries ValidateCodeZeroAntiForgeryTokenAttribute: validate;
        /// 6. otherwise <paramref name="defaultValue"/>.
        /// Security note: because rule 4 runs before rule 5, a class-level validate attribute does not
        /// protect an action invoked with an ignored verb; only the method-level attribute (rule 2) does.
        /// State-changing actions reachable through an ignored verb should be annotated on the method.
        /// </remarks>
        /// <param name="manager">Extension receiver; not read by this method.</param>
        /// <param name="antiForgeryWebConfiguration">Supplies IsEnabled and IgnoredHttpVerbs.</param>
        /// <param name="methodInfo">The action method being invoked.</param>
        /// <param name="httpVerb">The HTTP verb of the current request.</param>
        /// <param name="defaultValue">Result when no rule above applies.</param>
        /// <returns><c>true</c> when the token must be validated, otherwise <c>false</c>.</returns>
        public static bool ShouldValidate(
            this ICodeZeroAntiForgeryManager manager,
            ICodeZeroAntiForgeryWebConfiguration antiForgeryWebConfiguration,
            MethodInfo methodInfo,
            HttpVerb httpVerb,
            bool defaultValue)
        {
            // Global switch: nothing is validated when the feature is off.
            if (!antiForgeryWebConfiguration.IsEnabled)
            {
                return false;
            }

            var validateAttributeType = typeof(ValidateCodeZeroAntiForgeryTokenAttribute);

            // An explicit opt-in on the method beats every opt-out below.
            if (methodInfo.IsDefined(validateAttributeType, true))
            {
                return true;
            }

            // Explicit opt-out, looked up through the project's reflection helper.
            var disableAttribute = ReflectionHelper
                .GetSingleAttributeOfMemberOrDeclaringTypeOrDefault<DisableCodeZeroAntiForgeryTokenValidationAttribute>(methodInfo);
            if (disableAttribute != null)
            {
                return false;
            }

            // Verbs the configuration exempts are checked before the class-level opt-in.
            if (antiForgeryWebConfiguration.IgnoredHttpVerbs.Contains(httpVerb))
            {
                return false;
            }

            // Class-level opt-in; DeclaringType can be null, which counts as "not defined".
            var declaringType = methodInfo.DeclaringType;
            if (declaringType != null && declaringType.IsDefined(validateAttributeType, true))
            {
                return true;
            }

            return defaultValue;
        }
Example #2
        /// <summary>
        /// Generates a new anti-forgery token and adds it to the response as a cookie named
        /// <c>manager.Configuration.TokenCookieName</c>.
        /// </summary>
        /// <remarks>
        /// The cookie is created with name and value only. Secure, HttpOnly and SameSite are not set
        /// here, so the cookie gets whatever defaults the host applies.
        /// NOTE(review): confirm the deployment forces Secure on HTTPS sites; HttpOnly presumably has to
        /// stay off if client script copies the token into a header or form field.
        /// </remarks>
        /// <param name="manager">Anti-forgery manager that supplies the cookie name and the token.</param>
        /// <param name="context">Current HTTP context; its User may be replaced and its response receives the cookie.</param>
        /// <param name="identity">
        /// Optional identity. When given, <c>context.User</c> is overwritten with a principal wrapping it
        /// before the token is generated (presumably so the token is issued for that user; verify
        /// against GenerateToken).
        /// </param>
        public static void SetCookie(this ICodeZeroAntiForgeryManager manager, HttpContextBase context, IIdentity identity = null)
        {
            // Swap the current user first: this happens before GenerateToken() is called.
            if (identity != null)
            {
                var principal = new ClaimsPrincipal(identity);
                context.User = principal;
            }

            var responseCookies = context.Response.Cookies;
            var tokenCookie = new HttpCookie(manager.Configuration.TokenCookieName, manager.GenerateToken());
            responseCookies.Add(tokenCookie);
        }
Example #3
 /// <summary>
 /// Creates the Web API anti-forgery filter and stores its collaborators.
 /// </summary>
 /// <param name="CodeZeroAntiForgeryManager">Anti-forgery manager kept in <c>_CodeZeroAntiForgeryManager</c>.</param>
 /// <param name="webApiConfiguration">Web API configuration kept in <c>_webApiConfiguration</c>.</param>
 /// <param name="antiForgeryWebConfiguration">Anti-forgery web configuration kept in <c>_antiForgeryWebConfiguration</c>.</param>
 public CodeZeroAntiForgeryApiFilter(
     ICodeZeroAntiForgeryManager CodeZeroAntiForgeryManager,
     ICodeZeroWebApiConfiguration webApiConfiguration,
     ICodeZeroAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     // Start with the no-op logger instance; Logger is assigned here rather than passed in.
     Logger = NullLogger.Instance;

     _antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     _webApiConfiguration = webApiConfiguration;
     _CodeZeroAntiForgeryManager = CodeZeroAntiForgeryManager;
 }
 /// <summary>
 /// Creates the MVC anti-forgery filter and stores its collaborators.
 /// </summary>
 /// <param name="CodeZeroAntiForgeryManager">Anti-forgery manager kept in <c>_CodeZeroAntiForgeryManager</c>.</param>
 /// <param name="mvcConfiguration">MVC configuration kept in <c>_mvcConfiguration</c>.</param>
 /// <param name="antiForgeryWebConfiguration">Anti-forgery web configuration kept in <c>_antiForgeryWebConfiguration</c>.</param>
 public CodeZeroAntiForgeryMvcFilter(
     ICodeZeroAntiForgeryManager CodeZeroAntiForgeryManager,
     ICodeZeroMvcConfiguration mvcConfiguration,
     ICodeZeroAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     // Start with the no-op logger instance; Logger is assigned here rather than passed in.
     Logger = NullLogger.Instance;

     _antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     _mvcConfiguration = mvcConfiguration;
     _CodeZeroAntiForgeryManager = CodeZeroAntiForgeryManager;
 }
Example #5
        /// <summary>
        /// Reads the anti-forgery token cookie from the request headers.
        /// </summary>
        /// <param name="manager">Supplies the cookie name through <c>Configuration.TokenCookieName</c>.</param>
        /// <param name="headers">Request headers to search.</param>
        /// <returns>
        /// The value of the token cookie, or <c>null</c> when <c>GetCookies</c> yields no entry for that name.
        /// When several entries are returned, the last one is used.
        /// </returns>
        private static string GetCookieValue(ICodeZeroAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            // Last match wins if the cookie name shows up in more than one entry.
            var tokenCookieHeader = headers.GetCookies(manager.Configuration.TokenCookieName).LastOrDefault();

            return tokenCookieHeader == null
                ? null
                : tokenCookieHeader[manager.Configuration.TokenCookieName].Value;
        }
Example #6
        /// <summary>
        /// Checks the anti-forgery token of an MVC request by comparing the token cookie with the
        /// value returned by <c>Configuration.GetFormOrHeaderValue</c>.
        /// </summary>
        /// <remarks>
        /// Security note: this check fails open when the token cookie is missing or empty; such a
        /// request is reported as valid without looking at the form or header value.
        /// NOTE(review): that is only safe if every cookie-authenticated browser session is guaranteed
        /// to carry the token cookie as well; confirm where SetCookie is called and that the token
        /// cookie cannot expire or be dropped while the authentication cookie is still sent.
        /// </remarks>
        /// <param name="manager">Anti-forgery manager; also used as the validator via <c>As</c>.</param>
        /// <param name="context">Current HTTP context.</param>
        /// <returns>
        /// <c>true</c> when no token cookie is present or when the validator accepts the pair;
        /// <c>false</c> when the cookie is present but the form/header value is missing or rejected.
        /// </returns>
        public static bool IsValid(this ICodeZeroAntiForgeryManager manager, HttpContextBase context)
        {
            var tokenFromCookie = GetCookieValue(context);

            // Fail-open branch: no cookie means the request is accepted as-is.
            if (tokenFromCookie.IsNullOrEmpty())
            {
                return true;
            }

            var tokenFromRequest = manager.Configuration.GetFormOrHeaderValue(context);

            // A cookie without a matching form/header value is rejected before the validator runs.
            return !tokenFromRequest.IsNullOrEmpty()
                   && manager.As<ICodeZeroAntiForgeryValidator>().IsValid(tokenFromCookie, tokenFromRequest);
        }
Example #7
        /// <summary>
        /// Reads the anti-forgery token from the request header named <c>Configuration.TokenHeaderName</c>.
        /// </summary>
        /// <param name="manager">Supplies the header name.</param>
        /// <param name="headers">Request headers to search.</param>
        /// <returns>
        /// <c>null</c> when the header is absent or has no values; otherwise the last ", "-separated
        /// segment of the last header value.
        /// </returns>
        private static string GetHeaderValue(ICodeZeroAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            IEnumerable<string> rawValues;
            var headerPresent = headers.TryGetValues(manager.Configuration.TokenHeaderName, out rawValues);
            if (!headerPresent)
            {
                return null;
            }

            // Materialize once so the sequence is not enumerated twice.
            var values = rawValues.ToArray();
            if (values.Length == 0)
            {
                return null;
            }

            // Only the final token is used when the header carries several values
            // (presumably repeated headers folded into one ", "-joined line; verify with callers).
            var lastValue = values[values.Length - 1];
            return lastValue.Split(", ").Last();
        }
Example #8
        /// <summary>
        /// Checks the anti-forgery token of a Web API request by comparing the token cookie with the
        /// token request header.
        /// </summary>
        /// <remarks>
        /// Security note: this check fails open when the token cookie is missing or empty; such a
        /// request is reported as valid without looking at the header.
        /// NOTE(review): that is only safe if every cookie-authenticated browser session is guaranteed
        /// to carry the token cookie as well; confirm this against the code that issues the cookie.
        /// </remarks>
        /// <param name="manager">Anti-forgery manager; also used as the validator via <c>As</c>.</param>
        /// <param name="headers">Headers of the incoming request.</param>
        /// <returns>
        /// <c>true</c> when no token cookie is present or when the validator accepts the pair;
        /// <c>false</c> when the cookie is present but the header value is missing or rejected.
        /// </returns>
        public static bool IsValid(this ICodeZeroAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var tokenFromCookie = GetCookieValue(manager, headers);

            // Fail-open branch: no cookie means the request is accepted as-is.
            if (tokenFromCookie.IsNullOrEmpty())
            {
                return true;
            }

            var tokenFromHeader = GetHeaderValue(manager, headers);

            // A cookie without a matching header value is rejected before the validator runs.
            return !tokenFromHeader.IsNullOrEmpty()
                   && manager.As<ICodeZeroAntiForgeryValidator>().IsValid(tokenFromCookie, tokenFromHeader);
        }
Example #9
 /// <summary>
 /// Generates a new anti-forgery token and hands it to <c>headers.SetCookie</c> as a cookie named
 /// <c>manager.Configuration.TokenCookieName</c>.
 /// </summary>
 /// <remarks>
 /// The <c>Cookie</c> is built from name and value only; no Secure, HttpOnly, path or expiry is set here.
 /// NOTE(review): which attributes end up in the Set-Cookie header depends on the
 /// <c>SetCookie</c> helper, which is not shown; confirm Secure is applied on HTTPS deployments.
 /// </remarks>
 /// <param name="manager">Anti-forgery manager that supplies the cookie name and the token.</param>
 /// <param name="headers">Response headers that receive the cookie.</param>
 public static void SetCookie(this ICodeZeroAntiForgeryManager manager, HttpResponseHeaders headers)
 {
     var tokenCookie = new Cookie(manager.Configuration.TokenCookieName, manager.GenerateToken());
     headers.SetCookie(tokenCookie);
 }