/// <summary>
/// Validates the headers/cookies passed in for the request
/// </summary>
/// <param name="requestHeaders"></param>
/// <param name="failedReason"></param>
/// <returns></returns>
public static bool ValidateHeaders(HttpRequestHeaders requestHeaders, out string failedReason)
{
failedReason = "";
if (requestHeaders.Any(z => z.Key.InvariantEquals(AngularHeadername)) == false)
{
failedReason = "Missing token";
return false;
}
var headerToken = requestHeaders
.Where(z => z.Key.InvariantEquals(AngularHeadername))
.Select(z => z.Value)
.SelectMany(z => z)
.FirstOrDefault();
var cookieToken = requestHeaders
.GetCookies()
.Select(c => c[CsrfValidationCookieName])
.FirstOrDefault();
// both header and cookie must be there
if (cookieToken == null || headerToken == null)
{
failedReason = "Missing token null";
return false;
}
if (ValidateTokens(cookieToken.Value, headerToken) == false)
{
failedReason = "Invalid token";
return false;
}
return true;
}
