/// <summary>
/// MVC authorization hook that checks the anti-forgery token of the incoming
/// request before the action runs.
/// </summary>
/// <param name="context">
/// Authorization context of the current request; supplies the action descriptor,
/// the HTTP method and the <c>HttpContext</c> handed to the anti-forgery manager.
/// </param>
/// <remarks>
/// The request is passed through untouched when (a) no method info can be resolved
/// for the action, or (b) <c>ShouldValidate</c> reports that validation is not
/// required for this method / verb / configuration combination. Only when
/// validation is required and <c>IsValid</c> fails is <c>CreateErrorResponse</c>
/// invoked.
/// </remarks>
public void OnAuthorization(AuthorizationContext context)
{
    var actionMethod = context.ActionDescriptor.GetMethodInfoOrNull();
    if (actionMethod == null)
    {
        // NOTE(review): this path is fail-open - an action whose MethodInfo cannot be
        // resolved is never token-checked. Confirm which descriptor kinds return null
        // here and that none of them can serve a state-changing request.
        return;
    }

    var requestVerb = HttpVerbHelper.Create(context.HttpContext.Request.HttpMethod);

    // The skip/validate decision is owned by the manager: it receives the web
    // configuration, the target method, the verb and the "automatic validation" switch.
    // NOTE(review): the exemption rules themselves are not visible in this method;
    // verify that every verb that can mutate state ends up validated.
    var validationRequired = _AntiForgeryManager.ShouldValidate(
        _antiForgeryWebConfiguration,
        actionMethod,
        requestVerb,
        _mvcConfiguration.IsAutomaticAntiForgeryValidationEnabled);

    if (!validationRequired)
    {
        return;
    }

    if (_AntiForgeryManager.IsValid(context.HttpContext))
    {
        return;
    }

    // Missing and malformed tokens share one message, so the response does not
    // reveal which of the two checks failed.
    // NOTE(review): presumably CreateErrorResponse sets a result on the context that
    // short-circuits the action - confirm, since nothing else here stops the pipeline.
    CreateErrorResponse(context, actionMethod, "Empty or invalid anti forgery header token.");
}
/// <summary>
/// Web API authorization filter that checks the anti-forgery token carried in the
/// request headers before letting the pipeline continue.
/// </summary>
/// <param name="actionContext">
/// Context of the current Web API action; supplies the action descriptor, the HTTP
/// method and the request headers that are validated.
/// </param>
/// <param name="cancellationToken">
/// Cancellation token supplied by the pipeline. It is not consulted by this method.
/// </param>
/// <param name="continuation">Delegate that runs the rest of the pipeline.</param>
/// <returns>
/// The result of <paramref name="continuation"/> when the request is exempt or the
/// token is valid; otherwise the response produced by <c>CreateErrorResponse</c>.
/// </returns>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
    HttpActionContext actionContext,
    CancellationToken cancellationToken,
    Func<Task<HttpResponseMessage>> continuation)
{
    var actionMethod = actionContext.ActionDescriptor.GetMethodInfoOrNull();

    // NOTE(review): when no MethodInfo can be resolved the block below is skipped and
    // the request continues unvalidated (fail-open). Confirm which descriptor kinds
    // return null and that none of them can serve a state-changing request.
    if (actionMethod != null)
    {
        // The skip/validate decision is owned by the manager: it receives the web
        // configuration, the target method, the verb and the "automatic validation"
        // switch. The exemption rules are not visible in this method.
        var validationRequired = _InfrastructureAntiForgeryManager.ShouldValidate(
            _antiForgeryWebConfiguration,
            actionMethod,
            actionContext.Request.Method.ToHttpVerb(),
            _webApiConfiguration.IsAutomaticAntiForgeryValidationEnabled);

        // Only the request headers are handed to the validator on this path.
        if (validationRequired && !_InfrastructureAntiForgeryManager.IsValid(actionContext.Request.Headers))
        {
            // Rejecting here means the continuation (and therefore the action) never
            // runs. Missing and malformed tokens share one message.
            return CreateErrorResponse(actionContext, "Empty or invalid anti forgery header token.");
        }
    }

    return await continuation();
}