Manual Anti-Forgery Token Creation and Validation in ASP.NET 5

Question

I am playing around with ASP vnext and AngularJS. I have set up a Web API, am using some controllers and am using angular to do some web-magic.

I have followed most of t

Answer 1

Following is an example from the ASP.NET 5's MusicStore sample:

https://github.com/aspnet/MusicStore/blob/master/src/MusicStore/Controllers/ShoppingCartController.cs#L62

Snippet from the above link(Note that you can use the [FromServices] AntiForgery antiforgery as a parameter to the action if you do no like how the link does above):

[HttpPost]
public async Task RemoveFromCart(int id)
{
    var formParameters = await Context.Request.ReadFormAsync();
    var requestVerification = formParameters["RequestVerificationToken"];
    string cookieToken = null;
    string formToken = null;

    if (!string.IsNullOrWhiteSpace(requestVerification))
    {
        var tokens = requestVerification.Split(':');

        if (tokens != null && tokens.Length == 2)
        {
            cookieToken = tokens[0];
            formToken = tokens[1];
        }
    }

    var antiForgery = Context.RequestServices.GetService();
    antiForgery.Validate(Context, new AntiForgeryTokenSet(formToken, cookieToken));
    ......