Пример #1
0
        public void OnAuthorization(AuthorizationContext context)
        {
            var methodInfo = context.ActionDescriptor.GetMethodInfoOrNull();

            if (methodInfo == null)
            {
                return;
            }

            var httpVerb = HttpVerbHelper.Create(context.HttpContext.Request.HttpMethod);

            if (!studioXAntiForgeryManager.ShouldValidate(antiForgeryWebConfiguration, methodInfo, httpVerb, mvcConfiguration.IsAutomaticAntiForgeryValidationEnabled))
            {
                return;
            }

            if (!studioXAntiForgeryManager.IsValid(context.HttpContext))
            {
                CreateErrorResponse(context, methodInfo, "Empty or invalid anti forgery header token.");
            }
        }
Пример #2
0
        public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(
            HttpActionContext actionContext,
            CancellationToken cancellationToken,
            Func <Task <HttpResponseMessage> > continuation)
        {
            var methodInfo = actionContext.ActionDescriptor.GetMethodInfoOrNull();

            if (methodInfo == null)
            {
                return(await continuation());
            }

            if (!studioXAntiForgeryManager.ShouldValidate(antiForgeryWebConfiguration, methodInfo, actionContext.Request.Method.ToHttpVerb(), webApiConfiguration.IsAutomaticAntiForgeryValidationEnabled))
            {
                return(await continuation());
            }

            if (!studioXAntiForgeryManager.IsValid(actionContext.Request.Headers))
            {
                return(CreateErrorResponse(actionContext, "Empty or invalid anti forgery header token."));
            }

            return(await continuation());
        }