public void OnAuthorization(AuthorizationContext context)
{
var methodInfo = context.ActionDescriptor.GetMethodInfoOrNull();
if (methodInfo == null)
{
return;
}
var httpVerb = HttpVerbHelper.Create(context.HttpContext.Request.HttpMethod);
if (!_CodeZeroAntiForgeryManager.ShouldValidate(_antiForgeryWebConfiguration, methodInfo, httpVerb, _mvcConfiguration.IsAutomaticAntiForgeryValidationEnabled))
{
return;
}
if (!_CodeZeroAntiForgeryManager.IsValid(context.HttpContext))
{
CreateErrorResponse(context, methodInfo, "Empty or invalid anti forgery header token.");
}
}
public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(
HttpActionContext actionContext,
CancellationToken cancellationToken,
Func <Task <HttpResponseMessage> > continuation)
{
var methodInfo = actionContext.ActionDescriptor.GetMethodInfoOrNull();
if (methodInfo == null)
{
return(await continuation());
}
if (!_CodeZeroAntiForgeryManager.ShouldValidate(_antiForgeryWebConfiguration, methodInfo, actionContext.Request.Method.ToHttpVerb(), _webApiConfiguration.IsAutomaticAntiForgeryValidationEnabled))
{
return(await continuation());
}
if (!_CodeZeroAntiForgeryManager.IsValid(actionContext.Request.Headers))
{
return(CreateErrorResponse(actionContext, "Empty or invalid anti forgery header token."));
}
return(await continuation());
}
