Exemplo n.º 1
0
        public async Task <ValidateResult> Validate(HttpRequestBase request, HttpResponseBase response)
        {
            request.ThrowIfNull("request");
            response.ThrowIfNull("response");

            if (!String.IsNullOrEmpty(request.ContentType))
            {
                try
                {
                    var contentType = new ContentType(request.ContentType);

                    if (String.Equals(contentType.MediaType, "application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) || String.Equals(contentType.MediaType, "multipart/form-data", StringComparison.OrdinalIgnoreCase))
                    {
                        ValidationResult validationResult = await _antiCsrfNonceValidator.ValidateAsync(request);

                        ResponseResult responseResult = await _antiCsrfResponseGenerator.GetResponseAsync(validationResult);

                        if (responseResult.ResultType == ResponseResultType.ResponseGenerated)
                        {
                            return(ValidateResult.ResponseGenerated(responseResult.Response));
                        }
                    }
                }
                catch (FormatException)
                {
                }
            }

            await _antiCsrfCookieManager.ConfigureCookieAsync(request, response);

            return(ValidateResult.RequestValidated());
        }
Exemplo n.º 2
0
        public override async Task ProcessRequestAsync(HttpContext context)
        {
            context.ThrowIfNull("context");

            var request  = new HttpRequestWrapper(context.Request);
            var response = new HttpResponseWrapper(context.Response);

            if (_antiCsrfCookieManager != null && _antiCsrfNonceValidator != null && _antiCsrfResponseGenerator != null)
            {
                if (!String.IsNullOrEmpty(context.Request.ContentType))
                {
                    try
                    {
                        var contentType = new ContentType(context.Request.ContentType);

                        if (String.Equals(contentType.MediaType, "application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) || String.Equals(contentType.MediaType, "multipart/form-data", StringComparison.OrdinalIgnoreCase))
                        {
                            ValidationResult validationResult = await _antiCsrfNonceValidator.ValidateAsync(request);

                            ResponseResult responseResult = await _antiCsrfResponseGenerator.GetResponseAsync(validationResult);

                            if (responseResult.ResultType == ResponseResultType.ResponseGenerated)
                            {
                                await ProcessResponseAsync(context, responseResult.Response, null);

                                return;
                            }
                        }
                    }
                    catch (FormatException)
                    {
                    }
                }

                await _antiCsrfCookieManager.ConfigureCookieAsync(request, response);
            }
            {
                IEnumerable <RouteMatchResult> routeMatchResults = await GetRouteMatchResultsAsync(request);

                IEnumerable <Task <ResponseGenerators.ResponseResult> > responseResultTasks = _responseGenerators.Select(arg => arg.GetResponseAsync(new HttpContextWrapper(context), routeMatchResults));

                foreach (Task <ResponseGenerators.ResponseResult> responseResultTask in responseResultTasks)
                {
                    ResponseGenerators.ResponseResult responseResult = await responseResultTask;

                    if (responseResult.ResultType == ResponseGenerators.ResponseResultType.ResponseGenerated)
                    {
                        await ProcessResponseAsync(context, await responseResult.Response, responseResult.CacheKey);

                        return;
                    }
                }
            }
        }