/// <inheritdoc />
public async Task <bool> IsRequestValidAsync(HttpContext httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException(nameof(httpContext));
}
CheckSSLConfig(httpContext);
var method = httpContext.Request.Method;
if (string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase) ||
string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase) ||
string.Equals(method, "OPTIONS", StringComparison.OrdinalIgnoreCase) ||
string.Equals(method, "TRACE", StringComparison.OrdinalIgnoreCase))
{
// Validation not needed for these request types.
return(true);
}
var tokens = await _tokenStore.GetRequestTokensAsync(httpContext);
if (tokens.CookieToken == null)
{
_logger.MissingCookieToken(_options.Cookie.Name);
return(false);
}
if (tokens.RequestToken == null)
{
_logger.MissingRequestToken(_options.FormFieldName, _options.HeaderName);
return(false);
}
// Extract cookie & request tokens
AntiforgeryToken deserializedCookieToken;
AntiforgeryToken deserializedRequestToken;
DeserializeTokens(httpContext, tokens, out deserializedCookieToken, out deserializedRequestToken);
// Validate
string message;
var result = _tokenGenerator.TryValidateTokenSet(
httpContext,
deserializedCookieToken,
deserializedRequestToken,
out message);
if (result)
{
_logger.ValidatedAntiforgeryToken();
}
else
{
_logger.ValidationFailed(message);
}
return(result);
}
/// <inheritdoc />
public async Task <bool> IsRequestValidAsync(HttpContext httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException(nameof(httpContext));
}
CheckSSLConfig(httpContext);
var method = httpContext.Request.Method;
if (HttpMethods.IsGet(method) ||
HttpMethods.IsHead(method) ||
HttpMethods.IsOptions(method) ||
HttpMethods.IsTrace(method))
{
// Validation not needed for these request types.
return(true);
}
var tokens = await _tokenStore.GetRequestTokensAsync(httpContext);
if (tokens.CookieToken == null)
{
_logger.MissingCookieToken(_options.Cookie.Name);
return(false);
}
if (tokens.RequestToken == null)
{
_logger.MissingRequestToken(_options.FormFieldName, _options.HeaderName);
return(false);
}
// Extract cookie & request tokens
if (!TryDeserializeTokens(httpContext, tokens, out var deserializedCookieToken, out var deserializedRequestToken))
{
return(false);
}
// Validate
var result = _tokenGenerator.TryValidateTokenSet(
httpContext,
deserializedCookieToken,
deserializedRequestToken,
out var message);
if (result)
{
_logger.ValidatedAntiforgeryToken();
}
else
{
_logger.ValidationFailed(message !);
}
return(result);
}
public async Task <AntiforgeryTokenSet> GetRequestTokensAsync(HttpContext httpContext)
{
//
// Get cookie token
string requestCookie = httpContext.Request.Cookies[_options.CookieName];
string requestToken = null;
//
// Get header token
if (!string.IsNullOrEmpty(requestCookie))
{
requestToken = httpContext.Request.Headers[_options.FormFieldName];
}
//
if (!string.IsNullOrEmpty(requestToken))
{
return(new AntiforgeryTokenSet(requestToken, requestCookie, _options.CookieName, _options.FormFieldName));
}
//
// Fall back to the default implementation
try {
var res = await _defaultStore.GetRequestTokensAsync(httpContext);
return(res);
}
catch (Exception e) {
throw new AntiforgeryException(e);
}
}
