Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save lkaczanowski/4594622 to your computer and use it in GitHub Desktop.
Save lkaczanowski/4594622 to your computer and use it in GitHub Desktop.
ValidateGlobalAntiForgeryToken attribute (put it on controller, not separate actions)
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public class ValidateGlobalAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
private readonly ValidateAntiForgeryTokenAttribute validator;
private readonly AcceptVerbsAttribute acceptedVerbs;
public ValidateGlobalAntiForgeryTokenAttribute()
{
this.validator = new ValidateAntiForgeryTokenAttribute();
this.acceptedVerbs = new AcceptVerbsAttribute(HttpVerbs.Post);
}
public void OnAuthorization(AuthorizationContext filterContext)
{
string httpMethodOverride = filterContext.HttpContext.Request.GetHttpMethodOverride();
if (this.acceptedVerbs.Verbs.Contains(httpMethodOverride, StringComparer.OrdinalIgnoreCase))
{
this.validator.OnAuthorization(filterContext);
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment