diff --git a/.gitignore b/.gitignore
index c2e1708217..304382499d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ _ReSharper.*/
packages/
artifacts/
PublishProfiles/
+.vs/
*.user
*.suo
*.cache
diff --git a/Antiforgery.sln b/Antiforgery.sln
index b6b0239866..3074ae4f3d 100644
--- a/Antiforgery.sln
+++ b/Antiforgery.sln
@@ -11,6 +11,10 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Antiforger
EndProject
Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Antiforgery.Test", "test\Microsoft.AspNet.Antiforgery.Test\Microsoft.AspNet.Antiforgery.Test.xproj", "{415E83F8-6002-47E4-AA8E-CD5169C06F28}"
EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{D8C46ADF-E40A-4B48-ADE9-E1FA80466FE3}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "AntiforgerySample", "samples\AntiforgerySample\AntiforgerySample.xproj", "{AF9E0784-5EDB-494F-B46C-1A8DA785C49C}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -25,6 +29,10 @@ Global
{415E83F8-6002-47E4-AA8E-CD5169C06F28}.Debug|Any CPU.Build.0 = Debug|Any CPU
{415E83F8-6002-47E4-AA8E-CD5169C06F28}.Release|Any CPU.ActiveCfg = Release|Any CPU
{415E83F8-6002-47E4-AA8E-CD5169C06F28}.Release|Any CPU.Build.0 = Release|Any CPU
+ {AF9E0784-5EDB-494F-B46C-1A8DA785C49C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {AF9E0784-5EDB-494F-B46C-1A8DA785C49C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {AF9E0784-5EDB-494F-B46C-1A8DA785C49C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {AF9E0784-5EDB-494F-B46C-1A8DA785C49C}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -32,5 +40,6 @@ Global
GlobalSection(NestedProjects) = preSolution
{46FB03FB-7A44-4106-BDDE-D6F5417544AB} = {71D070C4-B325-48F7-9F25-DD4E91C2BBCA}
{415E83F8-6002-47E4-AA8E-CD5169C06F28} = {6EDD8B57-4DE8-4246-A6A3-47ECD92740B4}
+ {AF9E0784-5EDB-494F-B46C-1A8DA785C49C} = {D8C46ADF-E40A-4B48-ADE9-E1FA80466FE3}
EndGlobalSection
EndGlobal
diff --git a/global.json b/global.json
index 983ba0401e..feb51cb71d 100644
--- a/global.json
+++ b/global.json
@@ -1,3 +1,3 @@
{
- "projects": ["src"]
+ "projects": ["src", "samples"]
}
diff --git a/samples/AntiforgerySample/AntiforgerySample.xproj b/samples/AntiforgerySample/AntiforgerySample.xproj
new file mode 100644
index 0000000000..d6dbc6607b
--- /dev/null
+++ b/samples/AntiforgerySample/AntiforgerySample.xproj
@@ -0,0 +1,19 @@
+
+
+
+ 14.0
+ $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)
+
+
+
+ af9e0784-5edb-494f-b46c-1a8da785c49c
+ AntiforgerySample
+ ..\..\artifacts\obj\$(MSBuildProjectName)
+ ..\..\artifacts\bin\$(MSBuildProjectName)\
+
+
+ 2.0
+ 48542
+
+
+
\ No newline at end of file
diff --git a/samples/AntiforgerySample/FormPostSampleMiddleware.cs b/samples/AntiforgerySample/FormPostSampleMiddleware.cs
new file mode 100644
index 0000000000..946513badd
--- /dev/null
+++ b/samples/AntiforgerySample/FormPostSampleMiddleware.cs
@@ -0,0 +1,67 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.AspNet.Antiforgery;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.OptionsModel;
+
+namespace AntiforgerySample
+{
+ public class FormPostSampleMiddleware
+ {
+ private readonly Antiforgery _antiforgery;
+ private readonly AntiforgeryOptions _options;
+ private readonly RequestDelegate _next;
+
+ public FormPostSampleMiddleware(
+ RequestDelegate next,
+ Antiforgery antiforgery,
+ IOptions options)
+ {
+ _next = next;
+ _antiforgery = antiforgery;
+ _options = options.Options;
+ }
+
+ public async Task Invoke(HttpContext context)
+ {
+ if (context.Request.Method == "GET")
+ {
+ var page =
+@"
+
+
+
+";
+
+ var tokenSet = _antiforgery.GetTokens(context, oldCookieToken: null);
+ context.Response.Cookies.Delete(_options.CookieName);
+ context.Response.Cookies.Append(_options.CookieName, tokenSet.CookieToken);
+ await context.Response.WriteAsync(string.Format(page, _options.FormFieldName, tokenSet.FormToken));
+ }
+ else if (context.Request.Method == "POST")
+ {
+ // This will throw if invalid.
+ await _antiforgery.ValidateAsync(context);
+
+ var page =
+@"
+
+Everything is fine
+
+
+";
+ await context.Response.WriteAsync(page);
+ }
+ else
+ {
+ await _next(context);
+ }
+ }
+ }
+}
diff --git a/samples/AntiforgerySample/Startup.cs b/samples/AntiforgerySample/Startup.cs
new file mode 100644
index 0000000000..dadb75b86f
--- /dev/null
+++ b/samples/AntiforgerySample/Startup.cs
@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Builder;
+using Microsoft.Framework.DependencyInjection;
+
+namespace AntiforgerySample
+{
+ public class Startup
+ {
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddAntiforgery();
+ }
+
+ public void Configure(IApplicationBuilder app)
+ {
+ app.UseStaticFiles();
+ app.UseMiddleware();
+ }
+ }
+}
diff --git a/samples/AntiforgerySample/project.json b/samples/AntiforgerySample/project.json
new file mode 100644
index 0000000000..34f061b15b
--- /dev/null
+++ b/samples/AntiforgerySample/project.json
@@ -0,0 +1,36 @@
+{
+ "webroot": "wwwroot",
+ "version": "1.0.0-*",
+
+ "dependencies": {
+ "Microsoft.AspNet.Antiforgery": "1.0.0-*",
+ "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
+ "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+ "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+ "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+ "Microsoft.AspNet.StaticFiles": "1.0.0-*"
+ },
+
+ "commands": {
+ "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5000",
+ "web": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener --server.urls http://localhost:5000"
+ },
+
+ "frameworks": {
+ "dnx451": { },
+ "dnxcore50": { }
+ },
+
+ "publishExclude": [
+ "node_modules",
+ "bower_components",
+ "**.xproj",
+ "**.user",
+ "**.vspscc"
+ ],
+ "exclude": [
+ "wwwroot",
+ "node_modules",
+ "bower_components"
+ ]
+}
diff --git a/samples/AntiforgerySample/wwwroot/Index.html b/samples/AntiforgerySample/wwwroot/Index.html
new file mode 100644
index 0000000000..94edeefc78
--- /dev/null
+++ b/samples/AntiforgerySample/wwwroot/Index.html
@@ -0,0 +1,10 @@
+
+
+
+
+ Antiforgery Sample
+
+
+ Hello, World!
+
+
\ No newline at end of file
diff --git a/samples/AntiforgerySample/wwwroot/favicon.ico b/samples/AntiforgerySample/wwwroot/favicon.ico
new file mode 100644
index 0000000000..5f282702bb
--- /dev/null
+++ b/samples/AntiforgerySample/wwwroot/favicon.ico
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Antiforgery/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Antiforgery/ServiceCollectionExtensions.cs
index 59c278957b..22ad5f2202 100644
--- a/src/Microsoft.AspNet.Antiforgery/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Antiforgery/ServiceCollectionExtensions.cs
@@ -12,9 +12,11 @@ namespace Microsoft.Framework.DependencyInjection
public static IServiceCollection AddAntiforgery([NotNull] this IServiceCollection services)
{
services.AddDataProtection();
+ services.AddWebEncoders();
services.TryAdd(ServiceDescriptor.Singleton());
services.TryAdd(ServiceDescriptor.Singleton());
+ services.TryAdd(ServiceDescriptor.Scoped());
services.TryAdd(
ServiceDescriptor.Singleton());
return services;
diff --git a/src/Microsoft.AspNet.Antiforgery/project.json b/src/Microsoft.AspNet.Antiforgery/project.json
index 565854b5df..d46ba0c895 100644
--- a/src/Microsoft.AspNet.Antiforgery/project.json
+++ b/src/Microsoft.AspNet.Antiforgery/project.json
@@ -7,7 +7,8 @@
"Microsoft.AspNet.WebUtilities": "1.0.0-*",
"Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-*",
"Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
- "Microsoft.Framework.OptionsModel": "1.0.0-*"
+ "Microsoft.Framework.OptionsModel": "1.0.0-*",
+ "Microsoft.Framework.WebEncoders": "1.0.0-*"
},
"frameworks" : {