コード例 #1
0
        public static bool ShouldValidate(this IInfrastructureAntiForgeryManager manager, IAntiForgeryWebConfiguration antiForgeryWebConfiguration, MethodInfo methodInfo, HttpVerb httpVerb, bool defaultValue)
        {
            if (!antiForgeryWebConfiguration.IsEnabled)
            {
                return(false);
            }

            if (methodInfo.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            {
                return(true);
            }

            if (ReflectionHelper.GetSingleAttributeOfMemberOrDeclaringTypeOrDefault <DisableAntiForgeryTokenValidationAttribute>(methodInfo) != null)
            {
                return(false);
            }

            if (antiForgeryWebConfiguration.IgnoredHttpVerbs.Contains(httpVerb))
            {
                return(false);
            }

            if (methodInfo.DeclaringType?.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true) ?? false)
            {
                return(true);
            }

            return(defaultValue);
        }
コード例 #2
0
ファイル: AntiForgeryMvcFilter.cs プロジェクト: llenroc/Movie
 public AntiForgeryMvcFilter(IInfrastructureAntiForgeryManager AntiForgeryManager, IMvcConfiguration mvcConfiguration, IAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     _AntiForgeryManager          = AntiForgeryManager;
     _mvcConfiguration            = mvcConfiguration;
     _antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     Logger = NullLogger.Instance;
 }
コード例 #3
0
 public static void SetCookie(this IInfrastructureAntiForgeryManager manager, HttpContextBase context, IIdentity identity = null)
 {
     if (identity != null)
     {
         context.User = new ClaimsPrincipal(identity);
     }
     context.Response.Cookies.Add(new HttpCookie(manager.Configuration.TokenCookieName, manager.GenerateToken()));
 }
コード例 #4
0
 public InfrastructureAntiForgeryApiFilter(
     IInfrastructureAntiForgeryManager InfrastructureAntiForgeryManager,
     IInfrastructureWebApiConfiguration webApiConfiguration,
     IAntiForgeryWebConfiguration antiForgeryWebConfiguration)
 {
     _InfrastructureAntiForgeryManager = InfrastructureAntiForgeryManager;
     _webApiConfiguration         = webApiConfiguration;
     _antiForgeryWebConfiguration = antiForgeryWebConfiguration;
     Logger = NullLogger.Instance;
 }
コード例 #5
0
        private static string GetCookieValue(IInfrastructureAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var cookie = headers.GetCookies(manager.Configuration.TokenCookieName).LastOrDefault();

            if (cookie == null)
            {
                return(null);
            }
            return(cookie[manager.Configuration.TokenCookieName].Value);
        }
コード例 #6
0
        private static string GetHeaderValue(IInfrastructureAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            IEnumerable <string> headerValues;

            if (!headers.TryGetValues(manager.Configuration.TokenHeaderName, out headerValues))
            {
                return(null);
            }
            var headersArray = headerValues.ToArray();

            if (!headersArray.Any())
            {
                return(null);
            }
            return(headersArray.Last().Split(", ").Last());
        }
コード例 #7
0
        public static bool IsValid(this IInfrastructureAntiForgeryManager manager, HttpRequestHeaders headers)
        {
            var cookieTokenValue = GetCookieValue(manager, headers);

            if (cookieTokenValue.IsNullOrEmpty())
            {
                return(true);
            }

            var headerTokenValue = GetHeaderValue(manager, headers);

            if (headerTokenValue.IsNullOrEmpty())
            {
                return(false);
            }
            return(manager.As <IAntiForgeryValidator>().IsValid(cookieTokenValue, headerTokenValue));
        }
コード例 #8
0
        public static bool IsValid(this IInfrastructureAntiForgeryManager manager, HttpContextBase context)
        {
            var cookieValue = GetCookieValue(context);

            if (cookieValue.IsNullOrEmpty())
            {
                return(true);
            }

            var formOrHeaderValue = manager.Configuration.GetFormOrHeaderValue(context);

            if (formOrHeaderValue.IsNullOrEmpty())
            {
                return(false);
            }

            return(manager.As <IAntiForgeryValidator>().IsValid(cookieValue, formOrHeaderValue));
        }
コード例 #9
0
 public static void SetCookie(this IInfrastructureAntiForgeryManager manager, HttpResponseHeaders headers)
 {
     headers.SetCookie(new Cookie(manager.Configuration.TokenCookieName, manager.GenerateToken()));
 }