diff --git a/src/Microsoft.AspNet.Antiforgery/AntiforgeryValidationException.cs b/src/Microsoft.AspNet.Antiforgery/AntiforgeryValidationException.cs
new file mode 100644
index 0000000000..d5ea22e52b
--- /dev/null
+++ b/src/Microsoft.AspNet.Antiforgery/AntiforgeryValidationException.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Antiforgery
+{
+ ///
+ /// The that is thrown when the antiforgery token validation fails.
+ ///
+ public class AntiforgeryValidationException : Exception
+ {
+ ///
+ /// Creates a new instance of with the specified
+ /// exception .
+ ///
+ /// The message that describes the error.
+ public AntiforgeryValidationException(string message)
+ : base(message)
+ {
+ }
+ }
+}
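Review bot: `AntiforgeryValidationException` exposes only the `(string message)` constructor, so any code that wants to report a lower-level failure (for example a token that cannot be deserialized or unprotected) under this type has to discard the original exception. Adding `public AntiforgeryValidationException(string message, Exception innerException) : base(message, innerException) { }` keeps the cause available for logging. The type also derives from `Exception` rather than `InvalidOperationException`, so an existing `catch (InvalidOperationException)` around validation stops matching once the throw sites in DefaultAntiforgeryTokenGenerator.cs and DefaultAntiforgeryTokenStore.cs switch over. If that break is intended, it should be stated in the commit description.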
diff --git a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
index 8cd2160238..ae43f846b6 100644
--- a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
+++ b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
@@ -119,13 +119,13 @@ namespace Microsoft.AspNet.Antiforgery
// Do the tokens have the correct format?
if (!cookieToken.IsCookieToken || requestToken.IsCookieToken)
{
- throw new InvalidOperationException(Resources.AntiforgeryToken_TokensSwapped);
+ throw new AntiforgeryValidationException(Resources.AntiforgeryToken_TokensSwapped);
}
// Are the security tokens embedded in each incoming token identical?
if (!object.Equals(cookieToken.SecurityToken, requestToken.SecurityToken))
{
- throw new InvalidOperationException(Resources.AntiforgeryToken_SecurityTokenMismatch);
+ throw new AntiforgeryValidationException(Resources.AntiforgeryToken_SecurityTokenMismatch);
}
// Is the incoming token meant for the current user?
@@ -153,20 +153,20 @@ namespace Microsoft.AspNet.Antiforgery
if (!comparer.Equals(requestToken.Username, currentUsername))
{
- throw new InvalidOperationException(
+ throw new AntiforgeryValidationException(
Resources.FormatAntiforgeryToken_UsernameMismatch(requestToken.Username, currentUsername));
}
- if (!Equals(requestToken.ClaimUid, currentClaimUid))
+ if (!object.Equals(requestToken.ClaimUid, currentClaimUid))
{
- throw new InvalidOperationException(Resources.AntiforgeryToken_ClaimUidMismatch);
+ throw new AntiforgeryValidationException(Resources.AntiforgeryToken_ClaimUidMismatch);
}
// Is the AdditionalData valid?
if (_additionalDataProvider != null &&
!_additionalDataProvider.ValidateAdditionalData(httpContext, requestToken.AdditionalData))
{
- throw new InvalidOperationException(Resources.AntiforgeryToken_AdditionalDataCheckFailed);
+ throw new AntiforgeryValidationException(Resources.AntiforgeryToken_AdditionalDataCheckFailed);
}
}
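Review bot: The username-mismatch branch formats both `requestToken.Username` and `currentUsername` into the message of an exception that callers are now expected to catch by type. A handler that maps `AntiforgeryValidationException` to a 400 and echoes `exception.Message` would therefore return the identity embedded in the submitted token to whoever sent the request. A comment at the throw site such as `// Message names both users: log it, do not write it to the response.` would help, and the same caveat belongs in the exception's summary. The enclosing method starts before this hunk, so how the message is consumed downstream is not visible here.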
diff --git a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenStore.cs b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenStore.cs
index 2b347a6ac8..ee677af059 100644
--- a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenStore.cs
+++ b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenStore.cs
@@ -68,7 +68,7 @@ namespace Microsoft.AspNet.Antiforgery
var requestCookie = httpContext.Request.Cookies[_options.CookieName];
if (string.IsNullOrEmpty(requestCookie))
{
- throw new InvalidOperationException(
+ throw new AntiforgeryValidationException(
Resources.FormatAntiforgery_CookieToken_MustBeProvided(_options.CookieName));
}
@@ -92,19 +92,19 @@ namespace Microsoft.AspNet.Antiforgery
if (_options.HeaderName == null)
{
var message = Resources.FormatAntiforgery_FormToken_MustBeProvided(_options.FormFieldName);
- throw new InvalidOperationException(message);
+ throw new AntiforgeryValidationException(message);
}
else if (!httpContext.Request.HasFormContentType)
{
var message = Resources.FormatAntiforgery_HeaderToken_MustBeProvided(_options.HeaderName);
- throw new InvalidOperationException(message);
+ throw new AntiforgeryValidationException(message);
}
else
{
var message = Resources.FormatAntiforgery_RequestToken_MustBeProvided(
_options.FormFieldName,
_options.HeaderName);
- throw new InvalidOperationException(message);
+ throw new AntiforgeryValidationException(message);
}
}
diff --git a/test/Microsoft.AspNet.Antiforgery.FunctionalTests/AntiforgerySampleTest.cs b/test/Microsoft.AspNet.Antiforgery.FunctionalTests/AntiforgerySampleTest.cs
index 4135a56bd3..32431f6801 100644
--- a/test/Microsoft.AspNet.Antiforgery.FunctionalTests/AntiforgerySampleTest.cs
+++ b/test/Microsoft.AspNet.Antiforgery.FunctionalTests/AntiforgerySampleTest.cs
@@ -43,13 +43,13 @@ namespace Microsoft.AspNet.Antiforgery.FunctionalTests
var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/items");
// Act
- var exception = await Assert.ThrowsAsync(async () =>
+ var exception = await Assert.ThrowsAsync(async () =>
{
var response = await Client.SendAsync(httpRequestMessage);
});
// Assert
- Assert.Contains("required antiforgery cookie", exception.Message);
+ Assert.Contains("The required antiforgery cookie \"3Cs-jwHTMFk\" is not present.", exception.Message);
}
[Fact]
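Review bot: The new assertion pins the literal cookie name `3Cs-jwHTMFk` inside the expected message. That value looks generated rather than configured, so the test will presumably fail for reasons unrelated to antiforgery validation if the name derivation or the test host's application identity changes. Asserting the stable parts keeps the intent, for example `Assert.StartsWith("The required antiforgery cookie \"", exception.Message);` and `Assert.EndsWith("\" is not present.", exception.Message);`. Alternatively, build the expected string from the configured cookie name. The test method begins before this hunk.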
diff --git a/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenGeneratorTest.cs b/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenGeneratorTest.cs
index 4813d68411..005f00f10c 100644
--- a/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenGeneratorTest.cs
+++ b/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenGeneratorTest.cs
@@ -303,7 +303,7 @@ namespace Microsoft.AspNet.Antiforgery
// Act & assert
var ex1 =
- Assert.Throws(
+ Assert.Throws(
() => tokenProvider.ValidateTokens(httpContext, fieldtoken, fieldtoken));
Assert.Equal(
"Validation of the provided antiforgery token failed. " +
@@ -311,7 +311,7 @@ namespace Microsoft.AspNet.Antiforgery
ex1.Message);
var ex2 =
- Assert.Throws(
+ Assert.Throws(
() => tokenProvider.ValidateTokens(httpContext, cookieToken, cookieToken));
Assert.Equal(
"Validation of the provided antiforgery token failed. " +
@@ -334,7 +334,7 @@ namespace Microsoft.AspNet.Antiforgery
additionalDataProvider: null);
// Act & Assert
- var exception = Assert.Throws(
+ var exception = Assert.Throws(
() => tokenProvider.ValidateTokens(httpContext, cookieToken, fieldtoken));
Assert.Equal(
@"The antiforgery cookie token and request token do not match.",
@@ -369,7 +369,7 @@ namespace Microsoft.AspNet.Antiforgery
additionalDataProvider: null);
// Act & Assert
- var exception = Assert.Throws(
+ var exception = Assert.Throws(
() => tokenProvider.ValidateTokens(httpContext, cookieToken, fieldtoken));
Assert.Equal(
@"The provided antiforgery token was meant for user """ + embeddedUsername +
@@ -403,7 +403,7 @@ namespace Microsoft.AspNet.Antiforgery
additionalDataProvider: null);
// Act & assert
- var exception = Assert.Throws(
+ var exception = Assert.Throws(
() => tokenProvider.ValidateTokens(httpContext, cookieToken, fieldtoken));
Assert.Equal(
@"The provided antiforgery token was meant for a different claims-based user than the current user.",
@@ -436,7 +436,7 @@ namespace Microsoft.AspNet.Antiforgery
additionalDataProvider: mockAdditionalDataProvider.Object);
// Act & assert
- var exception = Assert.Throws(
+ var exception = Assert.Throws(
() => tokenProvider.ValidateTokens(httpContext, cookieToken, fieldtoken));
Assert.Equal(@"The provided antiforgery token failed a custom data check.", exception.Message);
}
diff --git a/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenStoreTest.cs b/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenStoreTest.cs
index 585c42e171..61660652ab 100644
--- a/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenStoreTest.cs
+++ b/test/Microsoft.AspNet.Antiforgery.Test/DefaultAntiforgeryTokenStoreTest.cs
@@ -112,7 +112,7 @@ namespace Microsoft.AspNet.Antiforgery
// Arrange
var mockHttpContext = GetMockHttpContext(_cookieName, "invalid-value");
- var expectedException = new InvalidOperationException("some exception");
+ var expectedException = new AntiforgeryValidationException("some exception");
var mockSerializer = new Mock();
mockSerializer
.Setup(o => o.Deserialize("invalid-value"))
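Review bot: The mocked serializer is now built to throw `AntiforgeryValidationException` from `Deserialize("invalid-value")`, but no hunk in this diff changes the real serializer, so this test may assert a contract that production code does not yet meet. If `DefaultAntiforgeryTokenSerializer` still throws a different type for a malformed or tampered cookie, a caller that catches only `AntiforgeryValidationException` will see that case as an unhandled server error instead of a failed validation. Either convert the serializer's failure path in the same change or keep this test on the type the serializer actually throws. The test method starts before this hunk and continues after it.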
@@ -128,7 +128,7 @@ namespace Microsoft.AspNet.Antiforgery
tokenSerializer: mockSerializer.Object);
// Act & assert
- var ex = Assert.Throws(() => tokenStore.GetCookieToken(mockHttpContext));
+ var ex = Assert.Throws(() => tokenStore.GetCookieToken(mockHttpContext));
Assert.Same(expectedException, ex);
}
@@ -179,7 +179,7 @@ namespace Microsoft.AspNet.Antiforgery
tokenSerializer: Mock.Of());
// Act
- var exception = await Assert.ThrowsAsync(
+ var exception = await Assert.ThrowsAsync(
async () => await tokenStore.GetRequestTokensAsync(httpContext));
// Assert
@@ -212,7 +212,7 @@ namespace Microsoft.AspNet.Antiforgery
tokenSerializer: new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider()));
// Act
- var exception = await Assert.ThrowsAsync(
+ var exception = await Assert.ThrowsAsync(
async () => await tokenStore.GetRequestTokensAsync(httpContext));
// Assert
@@ -315,7 +315,7 @@ namespace Microsoft.AspNet.Antiforgery
tokenSerializer: new DefaultAntiforgeryTokenSerializer(new EphemeralDataProtectionProvider()));
// Act
- var exception = await Assert.ThrowsAsync(
+ var exception = await Assert.ThrowsAsync(
async () => await tokenStore.GetRequestTokensAsync(httpContext));
// Assert
@@ -346,7 +346,7 @@ namespace Microsoft.AspNet.Antiforgery
tokenSerializer: Mock.Of());
// Act
- var exception = await Assert.ThrowsAsync(
+ var exception = await Assert.ThrowsAsync(
async () => await tokenStore.GetRequestTokensAsync(httpContext));
// Assert