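/// <summary>
/// Renders a hidden <c>AuthToken</c> form field whose value comes from
/// <c>IAuthenticatedFormToken.GenerateMD5Token()</c>.
/// </summary>
/// <param name="source">The HTML helper being extended; it is not read by this method.</param>
/// <returns>
/// The markup for a single hidden input named <c>AuthToken</c>, wrapped in an
/// <see cref="MvcHtmlString"/> so the view engine does not encode it a second time.
/// </returns>
public static MvcHtmlString AuthToken(this HtmlHelper source)
{
    string tokenValue;

    using (var scope = AutofacConfig.ServiceLocator.BeginLifetimeScope())
    {
        // Generate the token while the lifetime scope is still open. Once the scope is
        // disposed, any disposable component owned by it is disposed as well, so calling
        // into the resolved service afterwards may hit a torn-down object graph.
        var authToken = scope.Resolve<IAuthenticatedFormToken>();
        tokenValue = string.Format("{0}", authToken.GenerateMD5Token());
    }

    // NOTE(review): the method name suggests the token is an MD5 digest; the implementation
    // is not visible here. A request-forgery token must be unpredictable and bound to the
    // caller's session, so confirm it is derived from a cryptographically secure random
    // value or a keyed MAC rather than a plain hash of guessable data. The framework's own
    // Html.AntiForgeryToken() / [ValidateAntiForgeryToken] pair already provides this for MVC.

    // Attribute-encode the value: the markup is returned as an MvcHtmlString and is emitted
    // verbatim, so nothing else will escape a quote or angle bracket in the token.
    return new MvcHtmlString(string.Format(
        "<input type='hidden' name='AuthToken' value='{0}'/>",
        System.Web.HttpUtility.HtmlAttributeEncode(tokenValue)));
}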
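/// <summary>
/// Rejects the request with 401 Unauthorized unless the posted <c>AuthToken</c> form field
/// matches the token exposed by <c>IAuthenticatedFormToken.currentToken</c>, then hands
/// control to the base implementation.
/// </summary>
/// <param name="actionContext">The action context whose response is set on a mismatch.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    string expectedToken;

    using (var scope = AutofacConfig.ServiceLocator.BeginLifetimeScope())
    {
        // NOTE(review): Web API may reuse one filter instance across concurrent requests,
        // so this instance field is shared mutable state. The assignment is kept because
        // members outside this view may read it, but the check below relies only on locals.
        _iAuthenticatedFormToken = scope.Resolve<IAuthenticatedFormToken>();

        // Read the expected value before the scope (and anything it owns) is disposed.
        expectedToken = _iAuthenticatedFormToken.currentToken;
    }

    // Form[...] yields null when the field is absent. Dereferencing it would turn a missing
    // token into an unhandled exception (HTTP 500) instead of a clean 401.
    // NOTE(review): HttpContext.Current is assumed non-null (IIS-hosted pipeline) - confirm.
    string submittedToken = HttpContext.Current.Request.Form["AuthToken"];

    if (!TokensMatch(submittedToken, expectedToken))
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    base.OnAuthorization(actionContext);
}

// Ordinal, case-sensitive token comparison that fails closed on a null or empty value and
// whose running time does not depend on the position of the first differing character.
private static bool TokensMatch(string submitted, string expected)
{
    if (string.IsNullOrEmpty(submitted) || string.IsNullOrEmpty(expected))
    {
        return false;
    }

    int difference = submitted.Length ^ expected.Length;
    for (int i = 0; i < submitted.Length && i < expected.Length; i++)
    {
        difference |= submitted[i] ^ expected[i];
    }

    return difference == 0;
}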