/// <summary>
/// Authenticates a GET request by checking the anti-forgery token carried in its query string.
/// </summary>
/// <param name="context">
/// Authentication context for the current request. <c>ErrorResult</c> is set when the token
/// is absent or is rejected by <c>Antiforgery.ValidateToken</c>.
/// </param>
/// <param name="cancellationToken">Not used by this implementation.</param>
/// <returns>
/// A completed task. On success it wraps the accepted token; on failure it wraps <c>0</c>.
/// Callers only see the non-generic <see cref="Task"/>.
/// </returns>
/// <remarks>
/// The token travels in the URL, so it can be recorded in server and proxy logs, browser history
/// and Referer headers. NOTE(review): confirm that the token is bound to the session and that
/// request URLs are not logged verbatim.
/// </remarks>
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    string suppliedToken = null;

    // Walk every pair instead of stopping at the first hit: when the key is repeated, the last
    // value wins. The key comparison is ordinal and case-sensitive.
    foreach (var pair in context.Request.GetQueryNameValuePairs())
    {
        if (pair.Key == "antiforgeryToken")
        {
            suppliedToken = pair.Value;
        }
    }

    // A missing token and a rejected token produce the same failure result, so the response
    // does not reveal which of the two checks failed.
    if (suppliedToken == null || !Antiforgery.ValidateToken("antiforgeryTokenGet", suppliedToken))
    {
        context.ErrorResult = new AuthenticationFailureResult(
            Strings.AntiforgeryTokenIsMissing,
            context.ActionContext.Request);
        return Task.FromResult(0);
    }

    return Task.FromResult(suppliedToken);
}
/// <summary>
/// Returns the details of the currently logged-in account together with a fresh anti-forgery
/// request token for the client to send back on later requests.
/// </summary>
/// <returns>
/// <c>Unauthorized()</c> when no logged-in account is resolved for <c>User</c>; otherwise the
/// result of <c>ModelState.GetJsonResultWithValidationErrors</c> for the populated view model.
/// </returns>
/// <remarks>
/// The request token is placed in the response body. NOTE(review): confirm that this response
/// is not cacheable and that the CORS policy does not let other origins read it, otherwise the
/// token no longer protects against cross-site requests.
/// </remarks>
public async Task<IActionResult> Details()
{
    var account = await AuthService.GetLoggedInAccountAsync(User);
    if (account == null)
    {
        return Unauthorized();
    }

    // Tokens are issued only after the login check, so anonymous callers never receive one.
    var tokenSet = Antiforgery.GetAndStoreTokens(HttpContext);

    // The first external identity that is populated names the account type.
    // Precedence: GitHub, then Google, then Microsoft.
    string accountType;
    if (!string.IsNullOrWhiteSpace(account.GitHubId))
    {
        accountType = "Github";
    }
    else if (!string.IsNullOrWhiteSpace(account.GoogleId))
    {
        accountType = "Google";
    }
    else if (!string.IsNullOrWhiteSpace(account.MicrosoftId))
    {
        accountType = "Microsoft";
    }
    else
    {
        accountType = "Unknown";
    }

    var userDetails = new UserDetailsViewModel
    {
        Id = account.Id,
        Name = account.Name,
        EmailAddress = account.EmailAddress,
        XSRFToken = tokenSet.RequestToken,
        // Only a flag is exposed here, not the avatar URL itself.
        HasAvatarUrl = !string.IsNullOrWhiteSpace(account.AvatarUrl),
        AccountType = accountType
    };

    var vm = new AuthDetailsViewModel { LoggedInUser = userDetails };
    return ModelState.GetJsonResultWithValidationErrors(vm);
}
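/// <summary>
/// Authenticates a POST request by checking the anti-forgery token carried in its body.
/// </summary>
/// <param name="context">
/// Authentication context for the current request. <c>ErrorResult</c> is set when the token
/// is absent or is rejected by <c>Antiforgery.ValidateToken</c>.
/// </param>
/// <param name="cancellationToken">Not used by this implementation.</param>
/// <returns>A task that completes once the request body has been read and the token checked.</returns>
/// <remarks>
/// The body is awaited rather than read through <c>.Result</c>, which blocks a request thread
/// and can deadlock when a synchronization context is present. A request with no content, or
/// whose body deserializes to <c>null</c>, is treated as having no token instead of throwing.
/// NOTE(review): exceptions thrown by <c>Serialization.Deserialize</c> on malformed input still
/// propagate; confirm that the pipeline turns them into a client error rather than a
/// detailed server error.
/// </remarks>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    string antiforgeryToken = null;

    var content = context.Request.Content;
    if (content != null)
    {
        var serializedRequest = await content.ReadAsStringAsync();
        dynamic payload = Serialization.Deserialize<dynamic>(serializedRequest);

        // Cast to object so the null test is a plain reference check, not a dynamic operator call.
        if ((object)payload != null)
        {
            antiforgeryToken = payload.antiforgeryToken;
        }
    }

    // A missing token and a rejected token produce the same failure result, so the response
    // does not reveal which of the two checks failed.
    if (antiforgeryToken == null || !Antiforgery.ValidateToken("antiforgeryTokenPost", antiforgeryToken))
    {
        context.ErrorResult = new AuthenticationFailureResult(
            Strings.AntiforgeryTokenIsMissing,
            context.ActionContext.Request);
    }
}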
// Valid post
/// <summary>
/// Decides whether the current request passes the anti-forgery check.
/// </summary>
/// <returns>
/// <c>true</c> when the check is switched off, does not apply to this request, or succeeds;
/// otherwise the result of <c>Antiforgery.IsRequestValidAsync</c>.
/// </returns>
/// <remarks>
/// NOTE(review): API requests skip validation entirely. That is only safe if API calls are
/// never authenticated by an ambient browser credential such as a cookie; confirm how
/// <c>IsApi()</c> decides and how those requests authenticate.
/// </remarks>
protected async Task<bool> ValidPost()
{
    // Token checking can be disabled in configuration.
    if (!Config.CheckToken)
    {
        return true;
    }

    // Only POST requests are validated here.
    if (!IsPost())
    {
        return true;
    }

    // API requests bypass the anti-forgery check.
    if (IsApi())
    {
        return true;
    }

    return await Antiforgery.IsRequestValidAsync(HttpContext);
}