/// <summary>
/// Runs the anti-CSRF nonce check for form submissions, then configures the anti-CSRF cookie on the response.
/// </summary>
/// <param name="request">Incoming request; must not be null.</param>
/// <param name="response">Outgoing response; must not be null.</param>
/// <returns>
/// <c>ValidateResult.ResponseGenerated</c> when the response generator produced a response for the
/// validation outcome; otherwise <c>ValidateResult.RequestValidated</c>.
/// </returns>
public async Task<ValidateResult> Validate(HttpRequestBase request, HttpResponseBase response)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");

    string rawContentType = request.ContentType;

    if (!String.IsNullOrEmpty(rawContentType))
    {
        try
        {
            // Compare on the parsed media type so parameters such as charset or boundary are ignored.
            string mediaType = new ContentType(rawContentType).MediaType;

            // NOTE(review): only these two form encodings trigger nonce validation. Every other
            // content type (and a request with no Content-Type) is treated as validated; confirm
            // that no state-changing handler accepts bodies outside these two types.
            bool isFormSubmission =
                String.Equals(mediaType, "application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) ||
                String.Equals(mediaType, "multipart/form-data", StringComparison.OrdinalIgnoreCase);

            if (isFormSubmission)
            {
                ValidationResult nonceOutcome = await _antiCsrfNonceValidator.ValidateAsync(request);
                ResponseResult generated = await _antiCsrfResponseGenerator.GetResponseAsync(nonceOutcome);

                if (generated.ResultType == ResponseResultType.ResponseGenerated)
                {
                    return ValidateResult.ResponseGenerated(generated.Response);
                }
            }
        }
        catch (FormatException)
        {
            // NOTE(review): this fails open. A Content-Type header that cannot be parsed skips nonce
            // validation and falls through to RequestValidated. The catch also swallows a
            // FormatException raised by the validator or the response generator. Confirm the
            // framework cannot still expose form data for such a header; if it can, this path
            // should reject the request instead.
        }
    }

    await _antiCsrfCookieManager.ConfigureCookieAsync(request, response);

    return ValidateResult.RequestValidated();
}
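/// <summary>
/// Reads the session identifier from the configured cookie in the response's cookie collection.
/// </summary>
/// <param name="response">Response whose cookies are inspected; must not be null.</param>
/// <returns>
/// A completed task whose result is the parsed identifier, or <c>null</c> when the cookie is absent
/// or its value is not a valid <see cref="Guid"/>.
/// </returns>
public Task<Guid?> GetSessionIdAsync(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    string cookieName = _configuration.CookieName;

    if (!response.Cookies.AllKeys.Contains(cookieName))
    {
        // Return a completed task carrying null, never a null Task. Awaiting a null Task throws
        // NullReferenceException, which would turn "no session cookie" into an unhandled error
        // for any caller that awaits this method.
        return ((Guid?)null).AsCompletedTask();
    }

    // TryParse keeps a malformed cookie value from throwing; it is reported as "no session id".
    Guid sessionId;
    Guid? parsed = Guid.TryParse(response.Cookies[cookieName].Value, out sessionId) ? sessionId : (Guid?)null;

    return parsed.AsCompletedTask();
}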
/// <summary>
/// Delegates authentication of the request to the configured authentication provider, if any.
/// </summary>
/// <param name="request">Incoming request; must not be null.</param>
/// <param name="response">Outgoing response; must not be null.</param>
/// <returns>
/// <c>NoAuthenticationPerformed</c> when no provider is configured, <c>AuthenticationSucceeded</c> when the
/// provider reports success, and otherwise <c>AuthenticationFailed</c> carrying the provider's failure response.
/// </returns>
public async Task<AuthenticateResult> AuthenticateAsync(HttpRequestBase request, HttpResponseBase response)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");

    if (_authenticationProvider == null)
    {
        // NOTE(review): how callers treat NoAuthenticationPerformed is not visible here; confirm
        // it is never handled as success on a path that requires an authenticated user.
        return AuthenticateResult.NoAuthenticationPerformed();
    }

    AuthenticationResult outcome = await _authenticationProvider.AuthenticateAsync(request, response, this);

    if (outcome == AuthenticationResult.AuthenticationSucceeded)
    {
        return AuthenticateResult.AuthenticationSucceeded();
    }

    // Any outcome other than explicit success is reported as a failure (fail closed).
    // The failure response is requested from the provider only on this path.
    return AuthenticateResult.AuthenticationFailed(await _authenticationProvider.GetFailedAuthenticationResponseAsync(request));
}
/// <summary>
/// Ensures the response carries the configured session cookie, reusing the value sent with the
/// request when one is present and generating a new identifier otherwise.
/// </summary>
/// <param name="request">Incoming request; must not be null.</param>
/// <param name="response">Outgoing response; must not be null.</param>
/// <returns>The task produced by <c>Task.Factory.Empty()</c>; the work itself runs synchronously.</returns>
public Task ConfigureCookieAsync(HttpRequestBase request, HttpResponseBase response)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");

    string cookieName = _configuration.CookieName;
    string sessionId;

    if (request.Cookies.AllKeys.Contains(cookieName))
    {
        // NOTE(review): the client-supplied value is echoed back without any format check, so
        // whoever can set this cookie in the browser chooses the session id. Confirm the nonce
        // validation does not rely on this value being server-generated.
        sessionId = request.Cookies[cookieName].Value;
    }
    else
    {
        sessionId = _guidFactory.Random().ToString("N");
    }

    // Drop any cookie of the same name already queued on the response before adding the new one.
    response.Cookies.Remove(cookieName);

    // NOTE(review): only HttpOnly is set. Secure, Path and Domain are left at their defaults;
    // confirm that is intended for deployments served over TLS.
    response.Cookies.Add(new HttpCookie(cookieName, sessionId) { HttpOnly = true });

    return Task.Factory.Empty();
}
/// <summary>
/// Replaces the configured cookie on the response with an empty one that has already expired.
/// </summary>
/// <param name="response">Outgoing response; must not be null.</param>
public void RemoveTicket(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    // The empty value and past expiry date make this a removal cookie. Path, Secure and (when
    // configured) Domain are taken from configuration, presumably to match the attributes the
    // ticket cookie was issued with (verify against the code that issues it).
    var expiredCookie = new HttpCookie(_configuration.CookieName, "");

    expiredCookie.Expires = new DateTime(2000, 01, 01);
    expiredCookie.HttpOnly = true;
    expiredCookie.Path = _configuration.CookiePath;
    expiredCookie.Secure = _configuration.RequireSsl;
    expiredCookie.Shareable = false;

    if (_configuration.CookieDomain != null)
    {
        expiredCookie.Domain = _configuration.CookieDomain;
    }

    // Remove any cookie of the same name already queued on the response before adding the removal cookie.
    response.Cookies.Remove(_configuration.CookieName);
    response.Cookies.Add(expiredCookie);
}
/// <summary>
/// Copies this object's status, content metadata, headers, cookies and cache policy onto the
/// response, then writes the content bytes.
/// </summary>
/// <param name="response">Outgoing response to populate; must not be null.</param>
/// <returns>A task that completes once the content has been awaited and written.</returns>
public async Task WriteResponseAsync(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    response.StatusCode = _statusCode.StatusCode;
    response.SubStatusCode = _statusCode.SubStatusCode;
    response.ContentType = ContentType;
    response.Charset = Charset;
    response.ContentEncoding = ContentEncoding;

    // NOTE(review): header fields and values are written exactly as stored; confirm they are
    // validated where they are set if they can carry request-derived data.
    foreach (Header responseHeader in Headers)
    {
        response.Headers.Add(responseHeader.Field, responseHeader.Value);
    }

    response.HeaderEncoding = HeaderEncoding;

    foreach (Cookie responseCookie in Cookies)
    {
        response.Cookies.Add(responseCookie.GetHttpCookie());
    }

    _cachePolicy.Apply(response.Cache);
    response.TrySkipIisCustomErrors = _skipIisCustomErrors;

    // The content is awaited last, after the status line, headers and cookies have been set.
    byte[] body = await _content.Value;
    response.BinaryWrite(body);
}