angyLe
5/9/2017 - 10:06 AM

Antiforgery token filter does not work perfectly

Antiforgery token filter does not work perfectly

 // NOTE(review): exploratory snippet taken from inside an action method; the enclosing method is not shown.
 string invalidLoginAttempt = _localizer["InvalidLoginAttemt"];
            //IAntiforgery blabla;
            //blabla.ValidateRequestAsync();
            StringValues value;
            // Header probe with a guessed name; the configured header name is AntiforgeryOptions.HeaderName.
            string KEY_NAME = "AspNetCore.Antiforgery";// "__RequestVerificationToken";
        bool bla = HttpContext.Request.Headers.TryGetValue(KEY_NAME, out value);
            var blablw = HttpContext.Request.Headers.Values;
            IRequestCookieCollection be = HttpContext.Request.Cookies;
            var blj = be["AspNetCore.Antiforgery"];

            // The cookie name suffix here looks instance-specific; read AntiforgeryOptions.CookieName
            // instead of hard-coding it, otherwise this lookup silently yields null on another deployment.
            var serverToken = HttpContext.Request.Cookies[".AspNetCore.Antiforgery.HNYF3fEIRKM"];
            // Reading the raw cookie/form values does not validate them; IAntiforgery.ValidateRequestAsync does.
            var requestToken = HttpContext.Request.Form["__RequestVerificationToken"];
using System;
using System.Collections.Generic;
using System.IdentityModel.Policy;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;

namespace ForumWeb.Controllers.Filter
{
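    /// <summary>
    /// Action filter that enforces antiforgery (CSRF) validation through <see cref="IAntiforgery"/>
    /// and rejects the request with HTTP 400 when the token pair does not validate.
    /// Safe HTTP methods (GET, HEAD, OPTIONS, TRACE) are passed through, as they carry no token.
    /// For ordinary actions the framework's <c>[ValidateAntiForgeryToken]</c> attribute already provides this.
    /// </summary>
    public class AntiForgeryTokenTestFilter : Attribute, IAsyncActionFilter
    {
        /// <summary>
        /// Validates the antiforgery tokens of the current request before the action runs.
        /// </summary>
        /// <param name="context">The action-executing context of the current request.</param>
        /// <param name="next">Delegate that executes the action; invoked only when validation passes or is not required.</param>
        /// <returns>A task that completes once the action (or the 400 short-circuit result) has been produced.</returns>
        /// <exception cref="InvalidOperationException">No <see cref="IAntiforgery"/> service is registered.</exception>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            HttpContext httpContext = context.HttpContext;
            IServiceProvider services = httpContext.RequestServices;

            // Services are resolved into locals, not fields: an attribute instance is created once and
            // shared by every request to the decorated action, so per-request fields would race.
            ILogger logger = null;
            ILoggerFactory loggerFactory = services.GetService(typeof(ILoggerFactory)) as ILoggerFactory;
            if (loggerFactory != null)
            {
                logger = loggerFactory.CreateLogger<AntiForgeryTokenTestFilter>();
            }

            // Safe methods are not expected to carry a token; validating them would only ever fail.
            string method = httpContext.Request.Method;
            if (HttpMethods.IsGet(method) || HttpMethods.IsHead(method)
                || HttpMethods.IsOptions(method) || HttpMethods.IsTrace(method))
            {
                await next();
                return;
            }

            // Fail closed: if the antiforgery service is unavailable the request must not proceed.
            IAntiforgery antiforgery = services.GetService(typeof(IAntiforgery)) as IAntiforgery;
            if (antiforgery == null)
            {
                throw new InvalidOperationException(
                    "No IAntiforgery service is registered; call services.AddAntiforgery() (or AddMvc()) at startup.");
            }

            try
            {
                await antiforgery.ValidateRequestAsync(httpContext);
            }
            catch (AntiforgeryValidationException ex)
            {
                // Log the exception itself (reading ex.InnerException.Message throws when there is no inner
                // exception) and short-circuit: the action must never run after a failed CSRF check.
                if (logger != null)
                {
                    logger.LogWarning(ex, "Antiforgery token validation failed for {Method} {Path}",
                        method, httpContext.Request.Path);
                }
                context.Result = new BadRequestResult();
                return;
            }

            await next();
        }
    }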
    
}