/// <summary> /// Authorizes spam prevention responses. If validation fails, updates model state accordingly. /// </summary> /// <param name="httpContext">The request's HTTP context.</param> /// <param name="modelState">The request's model state.</param> /// <param name="captchaValidator">The CAPTCHA validator to use to validate a CAPTCHA response, if present.</param> public void Authorize( HttpContextBase httpContext, ModelStateDictionary modelState, ICaptchaValidator captchaValidator) { if (httpContext == null) throw new ArgumentNullException("httpContext"); if (modelState == null) throw new ArgumentNullException("modelState"); if (captchaValidator == null) throw new ArgumentNullException("captchaValidator"); // First check to see if the polite "noCAPTCHA" spam prevention worked. var noCaptchaResponseIsValid = ValidateNoCaptchaResponse(httpContext); if (noCaptchaResponseIsValid) return; // If there wasn't a valid "noCAPTCHA" response, we then check for a CAPTCHA response (the fallback for spam prevention). var captchaResponseIsValid = captchaValidator.Validate(httpContext); if (captchaResponseIsValid) return; // This model state error serves two purposes: it means the action can check ModelState.IsValid as normal, // and it's also a signal to the HTML helper that the spam prevention check failed, and therefore to show a captcha. modelState.AddModelError( Const.ModelStateKey, string.Empty); }
public async Task <IActionResult> Register([FromBody] RegisterModel model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } if (!model.Email.ToLower().EndsWith("pxl.be")) { return(BadRequest("Only PXL email adresses are allowed.")); } var validationResult = await _captchaValidator.Validate(model.CaptchaToken, Request.HttpContext.Connection.RemoteIpAddress); if (!validationResult.Success) { return(BadRequest("Could not verify captcha.")); } var user = new User { UserName = model.Email, Email = model.Email, FirstName = model.FirstName, LastName = model.LastName }; var result = await _userManager.CreateAsync(user, model.Password); if (result.Succeeded) { var role = user.Email.ToLower().EndsWith("student.pxl.be") ? Role.Constants.Student : Role.Constants.Lector; await _userManager.AddToRoleAsync(user, role); await SendConfirmUserEmailMessage(user); return(Ok()); } foreach (var error in result.Errors) { ModelState.AddModelError(error.Code, error.Description); } return(BadRequest(ModelState)); }
public ActionResult Authenticate() { /* * The salt passed to the method below can by dynamic, so you can include * some extra information like id, etc... something that you usually add * into hidden input. */ ValidateAntiForgeryToken(AntiForgeryTokenSaltNames.Login /*, Request.Form["id"], RouteData.Values["id"] as string */); if (User.Identity.IsAuthenticated) { return(Ajax(RedirectToAction("index", "home"))); } var viewData = new LogonViewData(); if (!TryUpdateModel(viewData) | !TryUpdateModel(viewData.Details) | !validationService.Validate(viewData) || !captchaValidator.Validate() || !membershipService.ValidateUser(viewData.Details)) { ModelState.ResetModelValue("TuringNumber"); return(AlternatePartialView(viewData)); } formsAuthentication.SignIn( viewData.Details.UserName, viewData.RememberMe, Guid.NewGuid().Shrink() /* * You can read this value using formsAuthentication.UserData() * at any place of the authenticated request */); if (!String.IsNullOrEmpty(viewData.ReturnUrl)) { return(Redirect(viewData.ReturnUrl)); } return(Ajax(RedirectToAction("index", "home"))); }
/// <summary> /// Authorizes spam prevention responses. If validation fails, updates model state accordingly. /// </summary> /// <param name="httpContext">The request's HTTP context.</param> /// <param name="modelState">The request's model state.</param> /// <param name="captchaValidator">The CAPTCHA validator to use to validate a CAPTCHA response, if present.</param> public void Authorize( HttpContextBase httpContext, ModelStateDictionary modelState, ICaptchaValidator captchaValidator) { if (httpContext == null) { throw new ArgumentNullException("httpContext"); } if (modelState == null) { throw new ArgumentNullException("modelState"); } if (captchaValidator == null) { throw new ArgumentNullException("captchaValidator"); } // First check to see if the polite "noCAPTCHA" spam prevention worked. var noCaptchaResponseIsValid = ValidateNoCaptchaResponse(httpContext); if (noCaptchaResponseIsValid) { return; } // If there wasn't a valid "noCAPTCHA" response, we then check for a CAPTCHA response (the fallback for spam prevention). var captchaResponseIsValid = captchaValidator.Validate(httpContext); if (captchaResponseIsValid) { return; } // This model state error serves two purposes: it means the action can check ModelState.IsValid as normal, // and it's also a signal to the HTML helper that the spam prevention check failed, and therefore to show a captcha. modelState.AddModelError( Const.ModelStateKey, string.Empty); }