C# (CSharp) Umbraco.Web.WebApi.Filters AngularAntiForgeryHelper示例

编程语言: C# (CSharp)

命名空间/包名称: Umbraco.Web.WebApi.Filters

hotexamples.com的示例: 2

C# (CSharp) Umbraco.Web.WebApi.Filters AngularAntiForgeryHelper - 已找到2个示例。这些是从开源项目中提取的最受好评的Umbraco.Web.WebApi.Filters.AngularAntiForgeryHelper现实C# (CSharp)示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

GetTokens(1)

ValidateHeaders(1)

示例#1

显示文件

文件： ValidateAngularAntiForgeryTokenAttribute.cs 项目： filipesousa20/Umbraco-CMS-V7

        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var userIdentity = ((ApiController)actionContext.ControllerContext.Controller).User.Identity as ClaimsIdentity;

            if (userIdentity != null)
            {
                //if there is not CookiePath claim, then exist
                if (userIdentity.HasClaim(x => x.Type == ClaimTypes.CookiePath) == false)
                {
                    base.OnActionExecuting(actionContext);
                    return;
                }
            }

            string failedReason;

            if (AngularAntiForgeryHelper.ValidateHeaders(actionContext.Request.Headers, out failedReason) == false)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
                actionContext.Response.ReasonPhrase = failedReason;
                return;
            }

            base.OnActionExecuting(actionContext);
        }

示例#2

显示文件

文件： SetAngularAntiForgeryTokensAttribute.cs 项目： filipesousa20/Umbraco-CMS-V7

        public override void OnActionExecuted(HttpActionExecutedContext context)
        {
            if (context.Response == null)
            {
                return;
            }

            //DO not set the token cookies if the request has failed!!
            if (context.Response.StatusCode != HttpStatusCode.OK)
            {
                return;
            }

            //don't need to set the cookie if they already exist and they are valid
            if (context.Request.Headers.GetCookies(AngularAntiForgeryHelper.AngularCookieName).Any() &&
                context.Request.Headers.GetCookies(AngularAntiForgeryHelper.CsrfValidationCookieName).Any())
            {
                //if they are not valid for some strange reason - we need to continue setting valid ones
                string failedReason;
                if (AngularAntiForgeryHelper.ValidateHeaders(context.Request.Headers, out failedReason))
                {
                    return;
                }
            }

            string cookieToken, headerToken;

            AngularAntiForgeryHelper.GetTokens(out cookieToken, out headerToken);

            //We need to set 2 cookies: one is the cookie value that angular will use to set a header value on each request,
            // the 2nd is the validation value generated by the anti-forgery helper that we use to validate the header token against.

            var angularCookie = new CookieHeaderValue(AngularAntiForgeryHelper.AngularCookieName, headerToken)
            {
                Path = "/",
                //must be js readable
                HttpOnly = false,
                Secure   = GlobalSettings.UseSSL
            };

            var validationCookie = new CookieHeaderValue(AngularAntiForgeryHelper.CsrfValidationCookieName, cookieToken)
            {
                Path     = "/",
                HttpOnly = true,
                Secure   = GlobalSettings.UseSSL
            };

            context.Response.Headers.AddCookies(new[] { angularCookie, validationCookie });
        }