/// <summary>
/// Checks that a request carries both the anti-forgery header token and the matching
/// cookie token, and that the pair is accepted by <c>ValidateTokens</c>.
/// </summary>
/// <param name="requestHeaders">
/// Headers of the incoming request. The header named by <c>AngularHeadername</c> and the
/// cookie named by <c>CsrfValidationCookieName</c> are both read from this collection.
/// </param>
/// <param name="failedReason">
/// Empty string on success; otherwise one of "Missing token", "Missing token null" or
/// "Invalid token", describing which check rejected the request.
/// </param>
/// <returns>
/// <c>true</c> only when both tokens are present and <c>ValidateTokens</c> accepts them;
/// <c>false</c> on every other path, so a request is never accepted by default.
/// </returns>
public static bool ValidateHeaders(HttpRequestHeaders requestHeaders, out string failedReason)
{
    // Assigned up front so the out parameter holds a defined value on every exit path.
    failedReason = string.Empty;

    // Reject immediately when the token header is absent altogether.
    var hasTokenHeader = requestHeaders.Any(header => header.Key.InvariantEquals(AngularHeadername));
    if (!hasTokenHeader)
    {
        failedReason = "Missing token";
        return false;
    }

    // Take the first value of the first header whose name matches; further values are ignored.
    var headerToken = requestHeaders
        .Where(header => header.Key.InvariantEquals(AngularHeadername))
        .SelectMany(header => header.Value)
        .FirstOrDefault();

    // Only the first element returned by GetCookies() is consulted for the token cookie.
    // NOTE(review): what the indexer yields when that element lacks the cookie is not
    // visible here - confirm it cannot produce a value that ValidateTokens would accept.
    var cookieToken = requestHeaders
        .GetCookies()
        .Select(cookieHeader => cookieHeader[CsrfValidationCookieName])
        .FirstOrDefault();

    // The header token and the cookie token are validated as a pair, so either one
    // missing is a failure rather than a fallback to checking the other alone.
    if (headerToken == null || cookieToken == null)
    {
        failedReason = "Missing token null";
        return false;
    }

    var tokensMatch = ValidateTokens(cookieToken.Value, headerToken);
    if (!tokensMatch)
    {
        failedReason = "Invalid token";
        return false;
    }

    return true;
}