public SettingsController(IMemoryCache cache, ICacheFactoryStore cacheFactoryStore, ToracGolfContext dbContext, IAntiforgery antiforgery, IOptions<AppSettings> configuration) { DbContext = dbContext; Cache = cache; CacheFactory = cacheFactoryStore; Antiforgery = antiforgery; Configuration = configuration; }
public FormPostSampleMiddleware( RequestDelegate next, IAntiforgery antiforgery, IOptions<AntiforgeryOptions> options) { _next = next; _antiforgery = antiforgery; _options = options.Value; }
public AbpAspNetCoreAntiForgeryManager( IAntiforgery antiforgery, IHttpContextAccessor httpContextAccessor, IAbpAntiForgeryConfiguration configuration) { Configuration = configuration; _antiforgery = antiforgery; _httpContextAccessor = httpContextAccessor; }
public ValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery) { if (antiforgery == null) { throw new ArgumentNullException(nameof(antiforgery)); } _antiforgery = antiforgery; }
public ValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory) { if (antiforgery == null) { throw new ArgumentNullException(nameof(antiforgery)); } _antiforgery = antiforgery; _logger = loggerFactory.CreateLogger<ValidateAntiforgeryTokenAuthorizationFilter>(); }
public RoundController(IMemoryCache cache, ICacheFactoryStore cacheFactoryStore, ToracGolfContext dbContext, IAntiforgery antiforgery, IOptions<AppSettings> configuration, IListingFactory<RoundListingFactory.RoundListingSortEnum, Round, RoundListingData> roundListingFactory) { DbContext = dbContext; Cache = cache; CacheFactory = cacheFactoryStore; Antiforgery = antiforgery; Configuration = configuration; RoundListingFactory = roundListingFactory; }
public CourseController(IMemoryCache cache, ICacheFactoryStore cacheFactoryStore, ToracGolfContext dbContext, IAntiforgery antiforgery, IOptions<AppSettings> configuration, IListingFactory<CourseListingFactory.CourseListingSortEnum, Course, CourseListingData> courseListingFactory) { DbContext = dbContext; Cache = cache; CacheFactory = cacheFactoryStore; Antiforgery = antiforgery; Configuration = configuration; CourseListingFactory = courseListingFactory; }
public HomeController(IMemoryCache cache, ICacheFactoryStore cacheFactoryStore, ToracGolfContext dbContext, IAntiforgery antiforgery, IOptions<AppSettings> configuration, Lazy<NewsFeedDataProvider> newsFeedDataProvider) { DbContext = dbContext; Cache = cache; CacheFactory = cacheFactoryStore; Antiforgery = antiforgery; Configuration = configuration; NewsFeedDataProvider = newsFeedDataProvider; }
/// <summary> /// Initializes a new instance of the <see cref="ValidateHeaderAntiForgeryTokenAuthorizationFilter" /> class. /// </summary> /// <param name="antiforgery">The anti-forgery system.</param> /// <param name="antiforgeryOptions">The anti-forgery options.</param> public ValidateHeaderAntiForgeryTokenAuthorizationFilter( IAntiforgery antiforgery, IOptions<AntiforgeryOptions> antiforgeryOptions) { if (antiforgery == null) { throw new ArgumentNullException(nameof(antiforgery)); } if (antiforgeryOptions == null) { throw new ArgumentNullException(nameof(antiforgeryOptions)); } this.antiforgery = antiforgery; this.antiForgeryCookieName = antiforgeryOptions.Options.CookieName; }
public void Configure(IApplicationBuilder app, IAntiforgery antiforgery, IOptions<AntiforgeryOptions> options, TodoRepository repository) { app.Use(next => context => { if ( string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase) || string.Equals(context.Request.Path.Value, "/index.html", StringComparison.OrdinalIgnoreCase)) { // We can send the request token as a JavaScript-readable cookie, and Angular will use it by default. var tokens = antiforgery.GetAndStoreTokens(context); context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false }); } return next(context); }); app.UseDefaultFiles(); app.UseStaticFiles(); app.Map("/api/items", a => a.Run(async context => { if (string.Equals("GET", context.Request.Method, StringComparison.OrdinalIgnoreCase)) { var items = repository.GetItems(); await context.Response.WriteAsync(JsonConvert.SerializeObject(items)); } else if (string.Equals("POST", context.Request.Method, StringComparison.OrdinalIgnoreCase)) { // This will throw if the token is invalid. await antiforgery.ValidateRequestAsync(context); var serializer = new JsonSerializer(); using (var reader = new JsonTextReader(new StreamReader(context.Request.Body))) { var item = serializer.Deserialize<TodoItem>(reader); repository.Add(item); } context.Response.StatusCode = 204; } })); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IAntiforgery antiforgery, IHostingEnvironment env, ILoggerFactory loggerFactory) { app.UseIdentity() .UseDeveloperAuthAuthentication( new DeveloperAuthOptions() { ConsumerKey = "uWkHwFNbklXgsLHYzLfRXcThw", ConsumerSecret = "2kyg9WdUiJuU2HeWYJEuvwzaJWoweLadTgG3i0oHI5FeNjD5Iv" }) .UseTwitter2Authentication( new Twitter2Options() { ConsumerKey = "uWkHwFNbklXgsLHYzLfRXcThw", ConsumerSecret = "2kyg9WdUiJuU2HeWYJEuvwzaJWoweLadTgG3i0oHI5FeNjD5Iv" }); app.AddAllConfigureRegistrants(); app.UseCookieAuthentication(options => { options.LoginPath = new PathString("/Identity/Account/Login"); options.LogoutPath = new PathString("/Identity/Account/LogOff"); }); /* app.UseProtectFolder(new ProtectFolderOptions { Path = "/Elm", PolicyName = "Authenticated" }); */ app.UseProtectLocalOnly(new ProtectLocalOnlyOptions()); app.UseProtectPath(new ProtectPathOptions { PolicyName = "Authenticated" }); app.UseElmPage(); // Shows the logs at the specified path app.UseElmCapture(); // Adds the ElmLoggerProvider loggerFactory.AddSerilog(); loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseBrowserLink(); app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); } else { app.UseExceptionHandler("/Home/Error"); // For more details on creating database during deployment see http://go.microsoft.com/fwlink/?LinkID=615859 try { using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>() .CreateScope()) { #if ENTITY_IDENTITY serviceScope.ServiceProvider.GetService<Pingo.Authorization.Models.ApplicationDbContext>() .Database.Migrate(); #endif } } catch { } } app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear()); // due to an JWT defect we cannot be an IdentityServer4 and provide APIs //app.UseIdentityServer(); app.UseCors(policy => { policy.WithOrigins( "http://localhost:28895", "http://localhost:14016", "http://localhost:7017"); policy.AllowAnyHeader(); policy.AllowAnyMethod(); }); JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); app.UseIdentityServerAuthentication(options => { options.Authority = WebApplication1.IdentityServerClients.Configuration.Constants.BaseAddress; options.ScopeName = "api1"; options.ScopeSecret = "secret"; options.AutomaticAuthenticate = true; options.AutomaticChallenge = true; }); app.UseStaticFiles(); // IMPORTANT: This session call MUST go before UseMvc() app.UseSession(); // To configure external authentication please see http://go.microsoft.com/fwlink/?LinkID=532715 app.UseMvc(routes => { routes.MapRoute( name: "areaRoute", template: "{area:exists}/{controller}/{action}", defaults: new {action = "Index"}); routes.MapRoute( name: "default", template: "{area=Main}/{controller=Home}/{action=Index}/{id?}"); }); app.UseSwaggerGen(); app.UseSwaggerUi(); }
public AntiForgeryController(IAntiforgery antiforgery, IAbpAntiForgeryManager antiForgeryManager) { _antiforgery = antiforgery; _antiForgeryManager = antiForgeryManager; }
public ShoppingCartController(IPartsUnlimitedContext context, ITelemetryProvider telemetryProvider, IAntiforgery antiforgery) { _db = context; _telemetry = telemetryProvider; _antiforgery = antiforgery; }
/// <summary> /// Initializes a new instance of the <see cref="DefaultHtmlGenerator"/> class. /// </summary> /// <param name="antiforgery">The <see cref="IAntiforgery"/> instance which is used to generate anti-forgery /// tokens.</param> /// <param name="optionsAccessor">The accessor for <see cref="MvcOptions"/>.</param> /// <param name="metadataProvider">The <see cref="IModelMetadataProvider"/>.</param> /// <param name="urlHelper">The <see cref="IUrlHelper"/>.</param> /// <param name="htmlEncoder">The <see cref="IHtmlEncoder"/>.</param> public CustomHtmlGenerator(IAntiforgery antiforgery, IOptions<MvcViewOptions> optionsAccessor, IModelMetadataProvider metadataProvider, IUrlHelper urlHelper, IHtmlEncoder htmlEncoder) : base(antiforgery, optionsAccessor, metadataProvider, urlHelper, htmlEncoder) { }
public AccountController(ApplicationContext context, IAntiforgery antiforgery) { _context = context; _antiForgery = antiforgery; }
public AntiforgeryCookieResultFilterAttribute(IAntiforgery antiforgery) { this.antiforgery = antiforgery; }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory, IAntiforgery antiforgery) { loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } // Configure XSRF middleware, This pattern is for SPA style applications where XSRF token is added on Index page // load and passed back token on every subsequent async request // app.Use(async (context, next) => // { // if (string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase)) // { // var tokens = antiforgery.GetAndStoreTokens(context); // context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false }); // } // await next.Invoke(); // }); //Seed Data WebContextSeed.Seed(app, env, loggerFactory); var pathBase = Configuration["PATH_BASE"]; if (!string.IsNullOrEmpty(pathBase)) { loggerFactory.CreateLogger <Startup>().LogDebug("Using PATH BASE '{pathBase}'", pathBase); app.UsePathBase(pathBase); } app.Use(async(context, next) => { await next(); // If there's no available file and the request doesn't contain an extension, we're probably trying to access a page. // Rewrite request to use app root if (context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value) && !context.Request.Path.Value.StartsWith("/api")) { context.Request.Path = "/index.html"; context.Response.StatusCode = 200; // Make sure we update the status code, otherwise it returns 404 await next(); } }); app.UseDefaultFiles(); app.UseStaticFiles(); app.UseRouting(); app.UseEndpoints(endpoints => { endpoints.MapDefaultControllerRoute(); endpoints.MapControllers(); endpoints.MapHealthChecks("/liveness", new HealthCheckOptions { Predicate = r => r.Name.Contains("self") }); endpoints.MapHealthChecks("/hc", new HealthCheckOptions() { Predicate = _ => true, ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse }); }); }
/// <summary> /// Executes the Configure actions that configure: error management, logging, anti-forgery, ExtCore, static files. /// It must be called inside the Configure method /// of the web application's Startup class in order SoftinuxBase to work properly. /// </summary> /// <param name="applicationBuilder_">The application builder passed to the Configure method of the web application's Startup class.</param> /// <param name="hostingEnvironment_">The hosting environment passed to the Configure method of the web application's Startup class.</param> /// <param name="loggerFactory_">The logger factory passed to the Configure method of the web application's Startup class.</param> /// <param name="configuration_">The application configuration passed to the Configure method of the web application's Startup class.</param> /// <param name="antiForgery_">The anti forgery system passed to the Configure method of the web application's Startup class.</param> public static void UseSoftinuxBase(this IApplicationBuilder applicationBuilder_, IWebHostEnvironment hostingEnvironment_, ILoggerFactory loggerFactory_, IConfiguration configuration_, IAntiforgery antiForgery_) { // 1. Error management if (hostingEnvironment_.IsDevelopment()) { applicationBuilder_.UseDeveloperExceptionPage(); applicationBuilder_.UseDatabaseErrorPage(); } else { applicationBuilder_.UseExceptionHandler("/Barebone/Error"); applicationBuilder_.UseHsts(); } // Security header make me happy applicationBuilder_.UseHsts(hsts_ => hsts_.MaxAge(365).IncludeSubdomains()); applicationBuilder_.UseXContentTypeOptions(); applicationBuilder_.UseReferrerPolicy(option_ => option_.NoReferrer()); applicationBuilder_.UseXXssProtection(option_ => option_.EnabledWithBlockMode()); applicationBuilder_.UseXfo(option_ => option_.Deny()); applicationBuilder_.UseCsp(option_ => option_ .BlockAllMixedContent() .StyleSources(s_ => s_.Self()) .StyleSources(s_ => s_.UnsafeInline()) .StyleSources(s_ => s_.Self().CustomSources("data:")) .FontSources(s_ => s_.Self()) .FormActions(s_ => s_.Self()) .FrameAncestors(s_ => s_.Self()) .ImageSources(s_ => s_.Self()) .ImageSources(s_ => s_.Self().CustomSources("data:")) .ScriptSources(s_ => s_.Self()) .ScriptSources(s_ => s_.UnsafeInline())); // 2. Anti-forgery applicationBuilder_.Use(next_ => context_ => { string path = context_.Request.Path.Value; if ( string.Equals(path, "/", StringComparison.OrdinalIgnoreCase) || string.Equals(path, "/signin", StringComparison.OrdinalIgnoreCase)) { // The request token can be sent as a JavaScript-readable cookie, // and Angular uses it by default. var tokens = antiForgery_.GetAndStoreTokens(context_); context_.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false }); } return(next_(context_)); }); // 3. The following are handled by ExtCore as prioritized IConfigureAction: // - UseRouting (built-in in ExtCore) // - UseAuthorization (custom) // - UseEndpoints (built-in in ExtCore and overriden) applicationBuilder_.UseHttpsRedirection(); applicationBuilder_.UseCors(); applicationBuilder_.UseAuthentication(); // 4. ExtCore applicationBuilder_.UseExtCore(); // 5. Static files applicationBuilder_.UseStaticFiles(); }
public ValidateAntiForgeryTokenMiddleware(RequestDelegate next, IAntiforgery antiforgery) { _next = next; _antiforgery = antiforgery; }
public ValidateAntiforgeryTokenAuthorizationFilter([NotNull] IAntiforgery antiforgery) { _antiforgery = antiforgery; }
public AutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory) : base(antiforgery, loggerFactory) { }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, Seed Seeder, IAntiforgery antiforgery) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler(builder => builder.Run(async context => { context.Response.StatusCode = (int)HttpStatusCode.InternalServerError; var error = context.Features.Get <IExceptionHandlerFeature>(); context.Response.ApplicationError(error.Error.Message); if (error != null) { await context.Response.WriteAsync(error.Error.Message); } })); } app.UseSwagger(); app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1/swagger.json", "Coding Task API V1"); }); Seeder.SeedUsers(); app.UseCors(y => y.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()); app.UseAuthentication(); app.UseDefaultFiles(); app.UseStaticFiles(); app.UseMvc(routes => { routes.MapSpaFallbackRoute( name: "Spa-FallBack", defaults: new { Controller = "FallBack", Action = "Index" } ); }); }
public AntiForgeryController(IAntiforgery antiforgery) { _antiforgery = antiforgery; }