4629148519
This new middleware participates in authentication and acts as a filter when the request doesn't include a valid CSRF token for a POST. Any authentication middleware that you want to validate an antiforgery token should go ahead of this middleware in the pipeline (Cookies, IISIntegration). This also takes care of automatic auth (Windows) done by weblistener. Any authentication middleware that you want to ignore antiforgery should go after this middleware in the pipeline. To facilitate this, there are a few changes in the antiforgery API surface. Namely we can now pass in a principal to validate tokens. You can't pass in a principal to generate tokens - we expect you to be logged in at that poing. Also, ValidateRequestAsync(...) now checks the HTTP verb and won't validate GETs and such. |
||
|---|---|---|
| samples/AntiforgerySample | ||
| src/Microsoft.AspNetCore.Antiforgery | ||
| test | ||
| tools | ||
| .bowerrc | ||
| .gitattributes | ||
| .gitignore | ||
| .travis.yml | ||
| Antiforgery.sln | ||
| CONTRIBUTING.md | ||
| LICENSE.txt | ||
| NuGet.config | ||
| NuGetPackageVerifier.json | ||
| README.md | ||
| appveyor.yml | ||
| build.cmd | ||
| build.sh | ||
| global.json | ||
| makefile.shade | ||
README.md
Antiforgery
AppVeyor:
Travis: 
Antiforgery system for generating secure tokens to prevent Cross-Site Request Forgery attacks.
This project is part of ASP.NET 5. You can find samples, documentation and getting started instructions for ASP.NET 5 at the Home repo.