Exemplo n.º 1
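        /// <summary>
        /// Enforces the anti-CSRF check before the action runs: every request whose method
        /// is not GET must carry a non-blank token in the <c>TOKEN_HEADER</c> header, and
        /// that token is handed to <c>AntiCSRFService.ValidateToken</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; its request supplies the method and the headers.</param>
        /// <exception cref="ApplicationException">The token header is absent, has no values, or is blank.</exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // Only GET is exempt from the check, so GET handlers must not change state;
            // every other method (POST, PUT, DELETE, HEAD, OPTIONS, ...) is validated.
            if (actionContext.Request.Method == HttpMethod.Get)
            {
                return;
            }

            // FirstOrDefault instead of First: a header that is present but carries no values
            // then falls through to the descriptive "missing token" error below rather than
            // an InvalidOperationException. When several values are sent only the first is used.
            IEnumerable<string> tokenHeaders;
            string token = actionContext.Request.Headers.TryGetValues(TOKEN_HEADER, out tokenHeaders)
                ? tokenHeaders.FirstOrDefault()
                : null;

            if (string.IsNullOrWhiteSpace(token))
            {
                // NOTE(review): an unhandled ApplicationException presumably reaches the client
                // as a generic server error; confirm an exception filter maps it to a 4xx response.
                throw new ApplicationException($"The CSRF token is missing. Please add the {TOKEN_HEADER} header with a valid token.");
            }

            // NOTE(review): the result of ValidateToken is not inspected here, so rejection of a
            // bad token depends on ValidateToken throwing. Its definition is not visible in this
            // listing - confirm it throws (and does not return a bool) for an invalid or expired token.
            var csrfService = new AntiCSRFService();
            csrfService.ValidateToken(token);
        }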
Exemplo n.º 2
        /// <summary>
        /// Obtains a CSRF token by creating a fresh <c>AntiCSRFService</c> and returning
        /// whatever its <c>GetToken</c> method yields.
        /// </summary>
        /// <returns>The token string produced by the service.</returns>
        private static string GetCsrfToken()
        {
            // NOTE(review): how the token is generated and what it is bound to (session, user,
            // expiry) is decided inside AntiCSRFService, which is not visible here - verify there.
            return new AntiCSRFService().GetToken();
        }