public void OnAuthorization(AuthorizationContext context)
        {
            var methodInfo = context.ActionDescriptor.GetMethodInfoOrNull();

            if (methodInfo == null)
            {
                return;
            }
            var httpVerb = HttpVerbHelper.Create(context.HttpContext.Request.HttpMethod);

            if (!_AntiForgeryManager.ShouldValidate(_antiForgeryWebConfiguration, methodInfo, httpVerb, _mvcConfiguration.IsAutomaticAntiForgeryValidationEnabled))
            {
                return;
            }

            if (!_AntiForgeryManager.IsValid(context.HttpContext))
            {
                CreateErrorResponse(context, methodInfo, "Empty or invalid anti forgery header token.");
            }
        }
Exemple #2
0
 public static HttpVerb ToHttpVerb(this HttpMethod method)
 {
     return(HttpVerbHelper.Create(method.Method));
 }