Exemplo n.º 1
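        /// <summary>
        /// Renders a hidden <c>AuthToken</c> form field whose value comes from the
        /// container-registered <c>IAuthenticatedFormToken</c>.
        /// </summary>
        /// <param name="source">The HTML helper being extended; not read by this method.</param>
        /// <returns>Markup for the hidden input, wrapped so Razor does not encode it again.</returns>
        /// <remarks>
        /// NOTE(review): the generator is named <c>GenerateMD5Token</c>. If the value is an MD5
        /// digest of guessable inputs (user name, date, ...) it does not protect against forged
        /// form posts; confirm it mixes in a per-session secret, or use the framework's
        /// <c>Html.AntiForgeryToken()</c> / <c>[ValidateAntiForgeryToken]</c> pair instead.
        /// </remarks>
        public static MvcHtmlString AuthToken(this HtmlHelper source)
        {
            string tokenValue;

            // Produce the token while the lifetime scope is still open. The original called
            // GenerateMD5Token() after the scope was disposed, so any disposable or
            // scope-owned dependency of the service could already have been torn down.
            using (var scope = AutofacConfig.ServiceLocator.BeginLifetimeScope())
            {
                var tokenService = scope.Resolve<IAuthenticatedFormToken>();

                // string.Format renders a null token as an empty string, as the original did.
                tokenValue = string.Format("{0}", tokenService.GenerateMD5Token());
            }

            // The value is written into raw markup that bypasses Razor's encoding, so it is
            // attribute-encoded here. The attributes use double quotes because that is the
            // delimiter HtmlAttributeEncode is documented to escape.
            string encodedValue = System.Web.HttpUtility.HtmlAttributeEncode(tokenValue);

            return new MvcHtmlString(
                string.Format("<input type=\"hidden\" name=\"AuthToken\" value=\"{0}\"/>", encodedValue));
        }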
Exemplo n.º 2
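        /// <summary>
        /// Rejects the request with 401 Unauthorized unless the posted <c>AuthToken</c> form
        /// field matches the token exposed by the container-registered
        /// <c>IAuthenticatedFormToken</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its
        /// <c>Response</c> is set when the token is missing or wrong.</param>
        /// <remarks>
        /// NOTE(review): the resolved service is stored in the instance field
        /// <c>_iAuthenticatedFormToken</c>. Web API normally reuses filter instances across
        /// requests, so per-request state in a field can race; the comparison below therefore
        /// uses locals only. The field is still assigned in case other members read it.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            string expectedToken;

            // Read the expected token while the lifetime scope is still open; the original
            // dereferenced the service after the scope had been disposed.
            using (var scope = AutofacConfig.ServiceLocator.BeginLifetimeScope())
            {
                var tokenService = scope.Resolve<IAuthenticatedFormToken>();
                _iAuthenticatedFormToken = tokenService;
                expectedToken = tokenService.currentToken;
            }

            // A request without the form field (or without an ambient HttpContext) must be
            // denied, not crash: the original called ToString() on a null form value, which
            // surfaced as an unhandled NullReferenceException instead of a 401.
            HttpContext httpContext = HttpContext.Current;
            string suppliedToken = httpContext == null ? null : httpContext.Request.Form["AuthToken"];

            if (!AuthTokensEqualFixedTime(expectedToken, suppliedToken))
            {
                // Setting the response short-circuits the pipeline; the base checks are
                // skipped because the request has already been denied.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                return;
            }

            base.OnAuthorization(actionContext);
        }

        /// <summary>
        /// Compares two tokens without stopping at the first differing character, so the
        /// response time does not reveal how much of a guessed token was correct.
        /// </summary>
        /// <returns><c>true</c> only when both values are non-empty and identical.</returns>
        private static bool AuthTokensEqualFixedTime(string expected, string supplied)
        {
            // Fail closed: an unset expected token must never match an empty submission.
            if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied))
            {
                return false;
            }

            int difference = expected.Length ^ supplied.Length;

            for (int i = 0; i < supplied.Length; i++)
            {
                // The modulo keeps the index in range when the lengths differ; the length
                // mismatch is already recorded in 'difference'.
                difference |= expected[i % expected.Length] ^ supplied[i];
            }

            return difference == 0;
        }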