/// <summary>
/// Decides whether anti-forgery token validation applies to a given action method.
/// </summary>
/// <param name="manager">Not read by this method; it is the extension-method receiver only.</param>
/// <param name="antiForgeryWebConfiguration">Supplies the global enable switch and the list of ignored HTTP verbs.</param>
/// <param name="methodInfo">The action method whose attributes are inspected.</param>
/// <param name="httpVerb">The HTTP verb of the current request.</param>
/// <param name="defaultValue">Result returned when none of the rules below matches.</param>
/// <returns><c>true</c> when the request must carry a valid anti-forgery token.</returns>
/// <remarks>
/// Rules are evaluated in this order and the first match wins:
/// 1. anti-forgery is disabled in configuration: no validation;
/// 2. the method carries <c>ValidateStudioXAntiForgeryTokenAttribute</c> (inherited declarations included): validate;
/// 3. <c>ReflectionHelper</c> finds a <c>DisableStudioXAntiForgeryTokenValidationAttribute</c> for the method: no validation;
/// 4. the verb is listed in <c>IgnoredHttpVerbs</c>: no validation;
/// 5. the declaring type carries the validate attribute: validate;
/// 6. otherwise <paramref name="defaultValue"/>.
/// Security note: only a method-level validate attribute takes precedence over the disable attribute
/// and the ignored-verb list. A class-level validate attribute is consulted after both, so it does
/// not force validation for an ignored verb.
/// </remarks>
public static bool ShouldValidate(
            this IStudioXAntiForgeryManager manager,
            IStudioXAntiForgeryWebConfiguration antiForgeryWebConfiguration,
            MethodInfo methodInfo,
            HttpVerb httpVerb,
            bool defaultValue)
        {
            var validateAttributeType = typeof(ValidateStudioXAntiForgeryTokenAttribute);

            // Global switch: nothing is validated when the feature is turned off.
            if (!antiForgeryWebConfiguration.IsEnabled)
            {
                return false;
            }

            // An explicit opt-in on the method itself beats every opt-out below.
            var methodOptsIn = methodInfo.IsDefined(validateAttributeType, true);
            if (methodOptsIn)
            {
                return true;
            }

            // Opt-out attribute, as resolved by ReflectionHelper for this method.
            var disableAttribute = ReflectionHelper
                .GetSingleAttributeOfMemberOrDeclaringTypeOrDefault<DisableStudioXAntiForgeryTokenValidationAttribute>(methodInfo);
            if (disableAttribute != null)
            {
                return false;
            }

            // Verbs configured as ignored skip validation.
            if (antiForgeryWebConfiguration.IgnoredHttpVerbs.Contains(httpVerb))
            {
                return false;
            }

            // Class-level opt-in; DeclaringType may be null, in which case this rule does not apply.
            var declaringType = methodInfo.DeclaringType;
            if (declaringType != null && declaringType.IsDefined(validateAttributeType, true))
            {
                return true;
            }

            return defaultValue;
        }
        /// <summary>
        /// Generates a new anti-forgery token and sends it to the client as a response cookie.
        /// </summary>
        /// <param name="manager">Provides the cookie name and generates the token.</param>
        /// <param name="context">The current HTTP context; its response receives the cookie.</param>
        /// <param name="identity">
        /// Optional. When supplied, <c>context.User</c> is replaced by a principal wrapping it
        /// before the token is generated (presumably so the token is issued for that identity;
        /// confirm against <c>GenerateToken</c>).
        /// </param>
        /// <remarks>
        /// NOTE(review): the cookie is appended without explicit options, so its Secure, SameSite,
        /// HttpOnly and expiry attributes are whatever the framework applies by default. Confirm
        /// that is intended for HTTPS deployments. If client script has to read this cookie to
        /// echo the token back in a header, HttpOnly has to stay off.
        /// </remarks>
        public static void SetCookie(this IStudioXAntiForgeryManager manager, HttpContext context, IIdentity identity = null)
        {
            // The user must be swapped before the token is generated, not after.
            if (identity != null)
            {
                var principal = new ClaimsPrincipal(identity);
                context.User = principal;
            }

            var responseCookies = context.Response.Cookies;
            var cookieName = manager.Configuration.TokenCookieName;
            var token = manager.GenerateToken();

            responseCookies.Append(cookieName, token);
        }
Example #3
 /// <summary>
 /// Creates the Web API anti-forgery filter with its collaborators.
 /// </summary>
 /// <param name="antiForgeryManager">Manager stored for later use by the filter.</param>
 /// <param name="webApiConfiguration">Web API configuration stored for later use by the filter.</param>
 /// <param name="antiForgeryWebConfiguration">Anti-forgery web configuration stored for later use by the filter.</param>
 public StudioXAntiForgeryApiFilter(
     IStudioXAntiForgeryManager antiForgeryManager,
     IStudioXWebApiConfiguration webApiConfiguration,
     IStudioXAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     // Start with the no-op logger; Logger is assignable, so it can be replaced afterwards.
     Logger = NullLogger.Instance;

     this.antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     this.webApiConfiguration = webApiConfiguration;
     studioXAntiForgeryManager = antiForgeryManager;
 }
Example #4
 /// <summary>
 /// Creates the MVC anti-forgery filter with its collaborators.
 /// </summary>
 /// <param name="antiForgeryManager">Manager stored for later use by the filter.</param>
 /// <param name="mvcConfiguration">MVC configuration stored for later use by the filter.</param>
 /// <param name="antiForgeryWebConfiguration">Anti-forgery web configuration stored for later use by the filter.</param>
 public StudioXAntiForgeryMvcFilter(
     IStudioXAntiForgeryManager antiForgeryManager,
     IStudioXMvcConfiguration mvcConfiguration,
     IStudioXAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     // Start with the no-op logger; Logger is assignable, so it can be replaced afterwards.
     Logger = NullLogger.Instance;

     this.antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     this.mvcConfiguration = mvcConfiguration;
     studioXAntiForgeryManager = antiForgeryManager;
 }
Example #5
        /// <summary>
        /// Reads the anti-forgery token cookie from the request headers.
        /// </summary>
        /// <param name="manager">Provides the configured token cookie name.</param>
        /// <param name="headers">Request headers to search.</param>
        /// <returns>
        /// The value stored under the token cookie name, or <c>null</c> when the request carries
        /// no cookie of that name.
        /// </returns>
        /// <remarks>
        /// When the lookup yields several entries, the last one is used. The value is taken from
        /// the request as sent, so it must be treated as untrusted until it has been validated.
        /// </remarks>
        private static string GetCookieValue(IStudioXAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var tokenCookieName = manager.Configuration.TokenCookieName;
            var lastMatch = headers.GetCookies(tokenCookieName).LastOrDefault();

            // No matching cookie: report "absent" as null rather than as an empty string.
            return lastMatch == null
                ? null
                : lastMatch[tokenCookieName].Value;
        }
Example #6
        /// <summary>
        /// Reads the anti-forgery token from the configured request header.
        /// </summary>
        /// <param name="manager">Provides the configured token header name.</param>
        /// <param name="headers">Request headers to search.</param>
        /// <returns>
        /// The token candidate, or <c>null</c> when the header is missing or has no values.
        /// </returns>
        /// <remarks>
        /// Only one candidate is returned: the last header value is taken, split on ", ", and the
        /// final segment is used. Earlier values and segments are ignored. The result is
        /// request-supplied and must be treated as untrusted until it has been validated.
        /// </remarks>
        private static string GetHeaderValue(IStudioXAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            IEnumerable<string> rawValues;
            var headerName = manager.Configuration.TokenHeaderName;

            var headerPresent = headers.TryGetValues(headerName, out rawValues);
            if (!headerPresent)
            {
                return null;
            }

            // Materialize once so the sequence is not enumerated twice.
            var values = rawValues.ToArray();
            if (values.Length == 0)
            {
                return null;
            }

            var lastValue = values[values.Length - 1];
            var segments = lastValue.Split(", ");

            return segments.Last();
        }
Example #7
        /// <summary>
        /// Validates the anti-forgery token pair (cookie plus header) carried by a Web API request.
        /// </summary>
        /// <param name="manager">Anti-forgery manager; also used as <c>IStudioXAntiForgeryValidator</c>.</param>
        /// <param name="headers">Headers of the incoming request.</param>
        /// <returns>
        /// <c>true</c> when the token cookie is absent or empty, <c>false</c> when the cookie is
        /// present but the header token is absent or empty, and otherwise the validator's verdict
        /// on the cookie/header pair.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this check fails open when the token cookie is missing, because the request
        /// is accepted without any token comparison. Confirm that a request which carries ambient
        /// credentials (for example an authentication cookie) but no token cookie is rejected
        /// elsewhere, or that this outcome is acceptable for the deployment.
        /// </remarks>
        public static bool IsValid(this IStudioXAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var cookieToken = GetCookieValue(manager, headers);

            // No token cookie: the request is accepted without validation (see remarks).
            if (cookieToken.IsNullOrEmpty())
            {
                return true;
            }

            var headerToken = GetHeaderValue(manager, headers);

            // Cookie without a matching header token is rejected; otherwise defer to the validator.
            return !headerToken.IsNullOrEmpty()
                && manager.As<IStudioXAntiForgeryValidator>().IsValid(cookieToken, headerToken);
        }
Example #8
        /// <summary>
        /// Validates the anti-forgery token pair (cookie plus form field or header) carried by an MVC request.
        /// </summary>
        /// <param name="manager">Anti-forgery manager; also used as <c>IStudioXAntiForgeryValidator</c>.</param>
        /// <param name="context">The current HTTP context.</param>
        /// <returns>
        /// <c>true</c> when the token cookie is absent or empty, <c>false</c> when the cookie is
        /// present but no form or header token is found, and otherwise the validator's verdict on
        /// the pair.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this check fails open when the token cookie is missing, because the request
        /// is accepted without any token comparison. Confirm that a request which carries ambient
        /// credentials (for example an authentication cookie) but no token cookie is rejected
        /// elsewhere, or that this outcome is acceptable for the deployment.
        /// </remarks>
        public static bool IsValid(this IStudioXAntiForgeryManager manager, HttpContextBase context)
        {
            var cookieToken = GetCookieValue(context);

            // No token cookie: the request is accepted without validation (see remarks).
            if (cookieToken.IsNullOrEmpty())
            {
                return true;
            }

            var submittedToken = manager.Configuration.GetFormOrHeaderValue(context);

            // Cookie without a submitted token is rejected; otherwise defer to the validator.
            return !submittedToken.IsNullOrEmpty()
                && manager.As<IStudioXAntiForgeryValidator>().IsValid(cookieToken, submittedToken);
        }
Example #9
 /// <summary>
 /// Generates a new anti-forgery token and adds it to the response headers as a cookie.
 /// </summary>
 /// <param name="manager">Provides the cookie name and generates the token.</param>
 /// <param name="headers">Response headers that receive the cookie.</param>
 /// <remarks>
 /// NOTE(review): the cookie is built from a name and value only; no Secure, HttpOnly, path or
 /// expiry settings are applied here. Confirm that the resulting attributes suit the deployment.
 /// </remarks>
 public static void SetCookie(this IStudioXAntiForgeryManager manager, HttpResponseHeaders headers)
 {
     var cookieName = manager.Configuration.TokenCookieName;
     var token = manager.GenerateToken();
     var tokenCookie = new Cookie(cookieName, token);

     headers.SetCookie(tokenCookie);
 }