67 lines
1.8 KiB
C#
67 lines
1.8 KiB
C#
// Copyright (c) .NET Foundation. All rights reserved.
|
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
|
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNet.Antiforgery;
|
|
using Microsoft.AspNet.Builder;
|
|
using Microsoft.AspNet.Http;
|
|
using Microsoft.Extensions.OptionsModel;
|
|
|
|
namespace AntiforgerySample
|
|
{
|
|
public class FormPostSampleMiddleware
|
|
{
|
|
private readonly IAntiforgery _antiforgery;
|
|
private readonly AntiforgeryOptions _options;
|
|
private readonly RequestDelegate _next;
|
|
|
|
public FormPostSampleMiddleware(
|
|
RequestDelegate next,
|
|
IAntiforgery antiforgery,
|
|
IOptions<AntiforgeryOptions> options)
|
|
{
|
|
_next = next;
|
|
_antiforgery = antiforgery;
|
|
_options = options.Value;
|
|
}
|
|
|
|
public async Task Invoke(HttpContext context)
|
|
{
|
|
if (context.Request.Method == "GET")
|
|
{
|
|
var page =
|
|
@"<html>
|
|
<body>
|
|
<form action=""/"" method=""post"">
|
|
<input type=""text"" name=""{0}"" value=""{1}""/>
|
|
<input type=""submit"" />
|
|
</form>
|
|
</body>
|
|
</html>";
|
|
|
|
var tokenSet = _antiforgery.GetAndStoreTokens(context);
|
|
await context.Response.WriteAsync(string.Format(page, _options.FormFieldName, tokenSet.RequestToken));
|
|
}
|
|
else if (context.Request.Method == "POST")
|
|
{
|
|
// This will throw if invalid.
|
|
await _antiforgery.ValidateRequestAsync(context);
|
|
|
|
var page =
|
|
@"<html>
|
|
<body>
|
|
<h1>Everything is fine</h1>
|
|
<h2><a href=""/"">Try Again</a></h2>
|
|
</form>
|
|
</body>
|
|
</html>";
|
|
await context.Response.WriteAsync(page);
|
|
}
|
|
else
|
|
{
|
|
await _next(context);
|
|
}
|
|
}
|
|
}
|
|
}
|