Last active
March 15, 2024 00:11
Validate an ASP.NET AntiForgeryToken sent in the request header
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Web; | |
using System.Web.Helpers; | |
using System.Web.Mvc; | |
namespace MyNamespace.Controllers
{
    /// <summary>
    /// Authorization filter that checks an ASP.NET anti-forgery (CSRF) token pair where the
    /// request half is carried in an HTTP header rather than in a form field.
    /// </summary>
    /// <remarks>
    /// The cookie half is read from the cookie named by <c>AntiForgeryConfig.CookieName</c> and
    /// the request half from the <c>__RequestVerificationToken</c> header; both are passed to
    /// <c>AntiForgery.Validate</c>. This filter catches nothing and sets no result on the
    /// context, so a missing or mismatched token surfaces as whatever <c>AntiForgery.Validate</c>
    /// throws (an <c>HttpAntiForgeryException</c> in System.Web.Helpers). The HTTP method is not
    /// inspected: the check runs on every request that reaches the decorated action or controller.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
    public sealed class ValidateHeaderAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
    {
        // Name of the request header the client must copy the request-token value into.
        private const string TokenHeaderName = "__RequestVerificationToken";

        /// <summary>
        /// Validates the anti-forgery cookie against the token supplied in the request header.
        /// </summary>
        /// <param name="filterContext">Authorization context of the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            HttpRequestBase request = filterContext.HttpContext.Request;

            // An absent cookie is forwarded as null so that the validation call, not this
            // filter, decides how to reject the request.
            HttpCookie tokenCookie = request.Cookies[AntiForgeryConfig.CookieName];
            string cookieToken = null;
            if (tokenCookie != null)
            {
                cookieToken = tokenCookie.Value;
            }

            // The header lookup yields null when the client did not send the header.
            string headerToken = request.Headers[TokenHeaderName];

            AntiForgery.Validate(cookieToken, headerToken);
        }
    }
}
Where can we place this code? In ActionFilters?