// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Net;
using System.Threading.Tasks;

using Microsoft.AspNet.Antiforgery;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http;
using Microsoft.Framework.OptionsModel;
namespace AntiforgerySample
{
public class FormPostSampleMiddleware
|
|
{
|
|
private readonly Antiforgery _antiforgery;
|
|
private readonly AntiforgeryOptions _options;
|
|
private readonly RequestDelegate _next;
|
|
|
|
public FormPostSampleMiddleware(
|
|
RequestDelegate next,
|
|
Antiforgery antiforgery,
|
|
IOptions<AntiforgeryOptions> options)
|
|
{
|
|
_next = next;
|
|
_antiforgery = antiforgery;
|
|
_options = options.Options;
|
|
}
|
|
|
|
public async Task Invoke(HttpContext context)
|
|
{
|
|
if (context.Request.Method == "GET")
|
|
{
|
|
var page =
|
|
@"<html>
|
|
<body>
|
|
<form action=""/"" method=""post"">
|
|
<input type=""text"" name=""{0}"" value=""{1}""/>
|
|
<input type=""submit"" />
|
|
</form>
|
|
</body>
|
|
</html>";
|
|
|
|
var tokenSet = _antiforgery.GetTokens(context, oldCookieToken: null);
|
|
context.Response.Cookies.Delete(_options.CookieName);
|
|
context.Response.Cookies.Append(_options.CookieName, tokenSet.CookieToken);
|
|
await context.Response.WriteAsync(string.Format(page, _options.FormFieldName, tokenSet.FormToken));
|
|
}
|
|
else if (context.Request.Method == "POST")
|
|
{
|
|
// This will throw if invalid.
|
|
await _antiforgery.ValidateAsync(context);
|
|
|
|
var page =
|
|
@"<html>
|
|
<body>
|
|
<h1>Everything is fine</h1>
|
|
</form>
|
|
</body>
|
|
</html>";
|
|
await context.Response.WriteAsync(page);
|
|
}
|
|
else
|
|
{
|
|
await _next(context);
|
|
}
|
|
}
|
|
}
}