C# (CSharp) Umbraco.Web.WebApi.Filters AngularAntiForgeryHelper Examples

Programming Language: C# (CSharp)

Namespace/Package Name: Umbraco.Web.WebApi.Filters

Examples at hotexamples.com: 2

C# (CSharp) Umbraco.Web.WebApi.Filters AngularAntiForgeryHelper - 2 examples found. These are the top rated real world C# (CSharp) examples of Umbraco.Web.WebApi.Filters.AngularAntiForgeryHelper extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

GetTokens(1)

ValidateHeaders(1)

Example #1

Show file

File: ValidateAngularAntiForgeryTokenAttribute.cs Project: filipesousa20/Umbraco-CMS-V7

        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var userIdentity = ((ApiController)actionContext.ControllerContext.Controller).User.Identity as ClaimsIdentity;

            if (userIdentity != null)
            {
                //if there is not CookiePath claim, then exist
                if (userIdentity.HasClaim(x => x.Type == ClaimTypes.CookiePath) == false)
                {
                    base.OnActionExecuting(actionContext);
                    return;
                }
            }

            string failedReason;

            if (AngularAntiForgeryHelper.ValidateHeaders(actionContext.Request.Headers, out failedReason) == false)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
                actionContext.Response.ReasonPhrase = failedReason;
                return;
            }

            base.OnActionExecuting(actionContext);
        }

Example #2

Show file

File: SetAngularAntiForgeryTokensAttribute.cs Project: filipesousa20/Umbraco-CMS-V7

        public override void OnActionExecuted(HttpActionExecutedContext context)
        {
            if (context.Response == null)
            {
                return;
            }

            //DO not set the token cookies if the request has failed!!
            if (context.Response.StatusCode != HttpStatusCode.OK)
            {
                return;
            }

            //don't need to set the cookie if they already exist and they are valid
            if (context.Request.Headers.GetCookies(AngularAntiForgeryHelper.AngularCookieName).Any() &&
                context.Request.Headers.GetCookies(AngularAntiForgeryHelper.CsrfValidationCookieName).Any())
            {
                //if they are not valid for some strange reason - we need to continue setting valid ones
                string failedReason;
                if (AngularAntiForgeryHelper.ValidateHeaders(context.Request.Headers, out failedReason))
                {
                    return;
                }
            }

            string cookieToken, headerToken;

            AngularAntiForgeryHelper.GetTokens(out cookieToken, out headerToken);

            //We need to set 2 cookies: one is the cookie value that angular will use to set a header value on each request,
            // the 2nd is the validation value generated by the anti-forgery helper that we use to validate the header token against.

            var angularCookie = new CookieHeaderValue(AngularAntiForgeryHelper.AngularCookieName, headerToken)
            {
                Path = "/",
                //must be js readable
                HttpOnly = false,
                Secure   = GlobalSettings.UseSSL
            };

            var validationCookie = new CookieHeaderValue(AngularAntiForgeryHelper.CsrfValidationCookieName, cookieToken)
            {
                Path     = "/",
                HttpOnly = true,
                Secure   = GlobalSettings.UseSSL
            };

            context.Response.Headers.AddCookies(new[] { angularCookie, validationCookie });
        }