I am playing around with ASP vnext and AngularJS. I have set up a Web API, am using some controllers and am using angular to do some web-magic.
I have followed most of this guide to get my project up and running: http://stephenwalther.com/archive/2015/01/29/asp-net-5-and-angularjs-part-6-security
... which works fine. I have set up my db and such and I have things working. I have the identity framework set up too but I am not using it as of yet.
I want to post some data to the WebAPI. Which also works fine, but now I want to do it while using anti forgery tokens. I have googled a lot and I guess this makes the most sense: novablog
However: this uses System.Web.Helpers to create the tokens and validate them. They are not available anymore in vnext. I cannot figure out what to use to create and validate the tokens now.
Any ideas?
Following is an example from the ASP.NET 5's MusicStore sample:
Snippet from the above link(Note that you can use the [FromServices] AntiForgery antiforgery as a parameter to the action if you do no like how the link does above):
[HttpPost]
public async Task<IActionResult> RemoveFromCart(int id)
{
var formParameters = await Context.Request.ReadFormAsync();
var requestVerification = formParameters["RequestVerificationToken"];
string cookieToken = null;
string formToken = null;
if (!string.IsNullOrWhiteSpace(requestVerification))
{
var tokens = requestVerification.Split(':');
if (tokens != null && tokens.Length == 2)
{
cookieToken = tokens[0];
formToken = tokens[1];
}
}
var antiForgery = Context.RequestServices.GetService<AntiForgery>();
antiForgery.Validate(Context, new AntiForgeryTokenSet(formToken, cookieToken));
......
check out MVC Github repo, ValidateAntiForgeryTokenAttribute exists.
And there's the asp-anti-forgerytaghelper
来源:https://stackoverflow.com/questions/29353875/manual-anti-forgery-token-creation-and-validation-in-asp-net-5