/// <summary>
/// Creates handler settings and registers the token handlers selected by the arguments.
/// </summary>
/// <param name="logLevel">Value stored in <c>LogLevel</c>.</param>
/// <param name="options">
/// Value stored in <c>Options</c>. NOTE(review): the default is <c>WebHandlerOptions.DefaultDebug</c>;
/// going by the name it is debug-oriented, so confirm it is what a production deployment should use.
/// </param>
/// <param name="sessionToken">Name of the session token; pass null to register no session token handler.</param>
/// <param name="sessionTokenType">Where the session token is carried (header by default).</param>
/// <param name="versionToken">Name of the version token; pass null to register no version token handler.</param>
/// <param name="csrfToken">
/// Name of the anti-CSRF header. Defaults to null, in which case no CSRF handler is registered;
/// callers that keep the session token in a cookie must supply a name to get this protection.
/// </param>
/// <param name="connectionReuseMode">Value stored in <c>ConnectionReuseMode</c>.</param>
public WebCallContextHandlerSettings(
    LogLevel logLevel = LogLevel.Basic,
    WebHandlerOptions options = WebHandlerOptions.DefaultDebug,
    string sessionToken = "Authorization",
    WebTokenType sessionTokenType = WebTokenType.Header,
    string versionToken = DefaultVersionToken,
    string csrfToken = null,
    DbConnectionReuseMode connectionReuseMode = DbConnectionReuseMode.KeepOpen)
{
    LogLevel = logLevel;
    Options = options;
    ConnectionReuseMode = connectionReuseMode;

    // Handlers are appended in a fixed order: session, version, CSRF.
    if (sessionToken != null)
    {
        var sessionHandler = new WebSessionTokenHandler(sessionToken, sessionTokenType);
        TokenHandlers.Add(sessionHandler);
    }

    if (versionToken != null)
    {
        var versionHandler = new VersionTokenHandler(versionToken);
        TokenHandlers.Add(versionHandler);
    }

    // Cross-Site Request Forgery (CSRF) protection, i.e. the synchronizer-token pattern.
    // It matters when the session token is stored in a cookie, because the browser attaches
    // cookies to cross-site requests automatically. The CSRF token is therefore registered
    // as a header only (never a cookie), in both directions (InputOutput).
    // Opt-in: nothing is registered when csrfToken is null.
    if (csrfToken != null)
    {
        var csrfHandler = new WebTokenHandler(csrfToken, WebTokenType.Header, WebTokenDirection.InputOutput);
        TokenHandlers.Add(csrfHandler);
    }

    // Swagger paths are ignored by default.
    // NOTE(review): what "ignored" skips is not visible here; if it includes session handling,
    // confirm the Swagger endpoints are not reachable in production.
    IgnorePaths.Add("/swagger");
}
/// <summary>
/// Creates a session token handler. The direction passed to the base constructor is always
/// <c>WebTokenDirection.Input</c>; callers cannot override it.
/// </summary>
/// <param name="name">Name of the session token, forwarded to the base constructor.</param>
/// <param name="tokenType">Where the token is carried; defaults to <c>WebTokenType.Header</c>.</param>
public WebSessionTokenHandler(
    string name,
    WebTokenType tokenType = WebTokenType.Header)
    : base(name, tokenType, WebTokenDirection.Input)
{
    // Nothing to do here: all state is set by the base constructor.
    // NOTE(review): Input presumably means the token is only read from requests and never
    // written back to responses; confirm against WebTokenDirection.
}
/// <summary>
/// Creates a token handler and records its name, carrier type and direction.
/// </summary>
/// <param name="tokenName">Value stored in <c>TokenName</c>.</param>
/// <param name="tokenType">Value stored in <c>TokenType</c>.</param>
/// <param name="direction">Value stored in <c>Direction</c>.</param>
public WebTokenHandler(
    string tokenName,
    WebTokenType tokenType,
    WebTokenDirection direction)
{
    // No validation happens here: a null or empty tokenName is stored as given.
    this.TokenName = tokenName;
    this.TokenType = tokenType;
    this.Direction = direction;
}
/// <summary>
/// Builds the handler settings: stores the logging, option and connection-reuse values and
/// registers one token handler for each token name that is not null.
/// </summary>
/// <param name="logLevel">Stored in <c>LogLevel</c>.</param>
/// <param name="options">
/// Stored in <c>Options</c>. NOTE(review): defaults to <c>WebHandlerOptions.DefaultDebug</c>;
/// confirm that this debug-named default is acceptable before relying on it in production.
/// </param>
/// <param name="sessionToken">Session token name; null registers no session token handler.</param>
/// <param name="sessionTokenType">Carrier of the session token; header by default.</param>
/// <param name="versionToken">Version token name; null registers no version token handler.</param>
/// <param name="csrfToken">
/// Anti-CSRF header name. The default is null, which registers no CSRF handler, so
/// deployments that store the session token in a cookie have to pass a name explicitly.
/// </param>
/// <param name="connectionReuseMode">Stored in <c>ConnectionReuseMode</c>.</param>
public WebCallContextHandlerSettings(
    LogLevel logLevel = LogLevel.Basic,
    WebHandlerOptions options = WebHandlerOptions.DefaultDebug,
    string sessionToken = "Authorization",
    WebTokenType sessionTokenType = WebTokenType.Header,
    string versionToken = DefaultVersionToken,
    string csrfToken = null,
    DbConnectionReuseMode connectionReuseMode = DbConnectionReuseMode.KeepOpen)
{
    this.LogLevel = logLevel;
    this.Options = options;
    this.ConnectionReuseMode = connectionReuseMode;

    // Registration order is session, then version, then CSRF.
    if (sessionToken != null)
    {
        this.TokenHandlers.Add(
            new WebSessionTokenHandler(sessionToken, sessionTokenType));
    }

    if (versionToken != null)
    {
        this.TokenHandlers.Add(
            new VersionTokenHandler(versionToken));
    }

    // Cross-Site Request Forgery (CSRF) protection, also known as a synchronizer token.
    // It is needed when the session token is kept in a cookie: browsers send cookies with
    // cross-site requests on their own, but not a custom header. The token is therefore
    // header-only, never a cookie, and flows in both directions (InputOutput).
    // The handler is registered only when the caller supplies a token name.
    if (csrfToken != null)
    {
        this.TokenHandlers.Add(
            new WebTokenHandler(csrfToken, WebTokenType.Header, WebTokenDirection.InputOutput));
    }

    // Swagger paths are ignored by default.
    // NOTE(review): the effect of an ignored path is not visible here; verify whether session
    // handling is skipped for it and whether Swagger should be exposed outside development.
    this.IgnorePaths.Add("/swagger");
}