/// <inheritdoc />
/// <remarks>
/// Safe methods (GET/HEAD/OPTIONS/TRACE) are accepted without a token; everything else
/// must present a matching cookie token and request token.
/// </remarks>
public async Task<bool> IsRequestValidAsync(HttpContext httpContext)
{
    if (httpContext == null)
    {
        throw new ArgumentNullException(nameof(httpContext));
    }

    CheckSSLConfig(httpContext);

    // Skipping these verbs is only sound while no handler mutates state on them; a
    // state-changing GET would bypass CSRF protection entirely.
    var requestMethod = httpContext.Request.Method;
    var isSafeMethod =
        string.Equals(requestMethod, "GET", StringComparison.OrdinalIgnoreCase)
        || string.Equals(requestMethod, "HEAD", StringComparison.OrdinalIgnoreCase)
        || string.Equals(requestMethod, "OPTIONS", StringComparison.OrdinalIgnoreCase)
        || string.Equals(requestMethod, "TRACE", StringComparison.OrdinalIgnoreCase);
    if (isSafeMethod)
    {
        return true;
    }

    // Both halves of the pair must be present before any deserialization happens.
    var tokenSet = await _tokenStore.GetRequestTokensAsync(httpContext);
    if (tokenSet.CookieToken == null)
    {
        _logger.MissingCookieToken(_options.Cookie.Name);
        return false;
    }
    if (tokenSet.RequestToken == null)
    {
        _logger.MissingRequestToken(_options.FormFieldName, _options.HeaderName);
        return false;
    }

    // NOTE(review): DeserializeTokens has no Try form here; if it throws on a malformed
    // token the exception propagates to the caller instead of this method returning
    // false — confirm the caller treats that as a rejected request.
    AntiforgeryToken cookieToken;
    AntiforgeryToken requestToken;
    DeserializeTokens(httpContext, tokenSet, out cookieToken, out requestToken);

    string failureMessage;
    var isValid = _tokenGenerator.TryValidateTokenSet(
        httpContext,
        cookieToken,
        requestToken,
        out failureMessage);
    if (!isValid)
    {
        _logger.ValidationFailed(failureMessage);
        return false;
    }

    _logger.ValidatedAntiforgeryToken();
    return true;
}
/// <inheritdoc />
/// <remarks>
/// Safe methods (GET/HEAD/OPTIONS/TRACE) are accepted without a token; everything else
/// must present a cookie token and request token that deserialize and validate as a pair.
/// </remarks>
public async Task<bool> IsRequestValidAsync(HttpContext httpContext)
{
    if (httpContext == null)
    {
        throw new ArgumentNullException(nameof(httpContext));
    }

    CheckSSLConfig(httpContext);

    // Skipping these verbs is only sound while no handler mutates state on them; a
    // state-changing GET would bypass CSRF protection entirely.
    var requestMethod = httpContext.Request.Method;
    var skipValidation =
        HttpMethods.IsGet(requestMethod)
        || HttpMethods.IsHead(requestMethod)
        || HttpMethods.IsOptions(requestMethod)
        || HttpMethods.IsTrace(requestMethod);
    if (skipValidation)
    {
        return true;
    }

    // Both halves of the pair must be present before any deserialization happens.
    var tokenSet = await _tokenStore.GetRequestTokensAsync(httpContext);
    if (tokenSet.CookieToken == null)
    {
        _logger.MissingCookieToken(_options.Cookie.Name);
        return false;
    }
    if (tokenSet.RequestToken == null)
    {
        _logger.MissingRequestToken(_options.FormFieldName, _options.HeaderName);
        return false;
    }

    // A token that cannot be deserialized is rejected rather than thrown on.
    if (!TryDeserializeTokens(httpContext, tokenSet, out var cookieToken, out var requestToken))
    {
        return false;
    }

    // failureMessage is only meaningful on the false path; the null-forgiving operator
    // reflects that the generator populates it exactly then.
    if (!_tokenGenerator.TryValidateTokenSet(httpContext, cookieToken, requestToken, out var failureMessage))
    {
        _logger.ValidationFailed(failureMessage!);
        return false;
    }

    _logger.ValidatedAntiforgeryToken();
    return true;
}
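/// <summary>
/// Reads the antiforgery token pair for the current request: the cookie token from the
/// request cookies and, when that cookie is present, the request token from a request
/// header. When no header token is found the lookup is delegated to the default store.
/// </summary>
/// <param name="httpContext">The current request context; must not be null.</param>
/// <returns>The token set (request token, cookie token, cookie name, form field name).</returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
/// <exception cref="AntiforgeryException">The default store threw; the original exception is wrapped.</exception>
public async Task<AntiforgeryTokenSet> GetRequestTokensAsync(HttpContext httpContext)
{
    // Guard explicitly, matching IsRequestValidAsync, so a missing context surfaces as an
    // argument error instead of a NullReferenceException from the Cookies lookup.
    if (httpContext == null)
    {
        throw new ArgumentNullException(nameof(httpContext));
    }

    string cookieToken = httpContext.Request.Cookies[_options.CookieName];

    // The header is looked up under the *form field* name, not _options.HeaderName, and
    // only when the cookie half is present.
    // NOTE(review): confirm clients send the token under that header name; a token sent
    // under HeaderName is only honoured through the default store below.
    string headerToken = null;
    if (!string.IsNullOrEmpty(cookieToken))
    {
        headerToken = httpContext.Request.Headers[_options.FormFieldName];
    }

    if (!string.IsNullOrEmpty(headerToken))
    {
        return new AntiforgeryTokenSet(headerToken, cookieToken, _options.CookieName, _options.FormFieldName);
    }

    // No header token (or no cookie): fall back to the default store's lookup.
    // NOTE(review): this wraps every exception, including cancellation — confirm callers
    // do not need to observe OperationCanceledException directly.
    try
    {
        return await _defaultStore.GetRequestTokensAsync(httpContext);
    }
    catch (Exception e)
    {
        throw new AntiforgeryException(e);
    }
}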