public void OnAuthorization(AuthorizationContext context) { Precondition.Require(context, () => Error.ArgumentNull("context")); string value = context.HttpContext.Request.Parameters.Form.GetValue <string>(FieldName); if (String.IsNullOrEmpty(value)) { throw Error.RequestValidationError(); } RequestValidationToken current = RequestValidationToken.Create(context.HttpContext, Value); RequestValidationToken token = RequestValidationToken.Create(value); if (!token.IsValid(current)) { throw Error.RequestValidationError(); } if (_timeout > 0 && (DateTime.Now - token.CreationDate).TotalMinutes > _timeout) { throw Error.RequestValidationError(); } }