Class AspNetAntiForgery
Integrates the cross-site request forgery prevention with ASP.NET
Inheritance
Inherited Members
Namespace: EPiServer.Framework.Web
Assembly: EPiServer.Framework.AspNet.dll
Version: 11.20.7Syntax
public class AspNetAntiForgeryConstructors
AspNetAntiForgery(HttpRequestBase, HttpResponseBase)
Initializes a new instance of the AspNetAntiForgery class.
Declaration
public AspNetAntiForgery(HttpRequestBase request, HttpResponseBase response)Parameters
| Type | Name | Description |
|---|---|---|
| System.Web.HttpRequestBase | request | The request object. |
| System.Web.HttpResponseBase | response | The response object. |
AspNetAntiForgery(HttpRequestBase, HttpResponseBase, AspNetAntiForgeryOptions)
Initializes a new instance of the AspNetAntiForgery class.
Declaration
public AspNetAntiForgery(HttpRequestBase request, HttpResponseBase response, AspNetAntiForgeryOptions antiForgeryOptions)Parameters
| Type | Name | Description |
|---|---|---|
| System.Web.HttpRequestBase | request | The request object. |
| System.Web.HttpResponseBase | response | The response object. |
| AspNetAntiForgeryOptions | antiForgeryOptions | The anti-forgery options. |
AspNetAntiForgery(Page)
Initializes a new instance of the AspNetAntiForgery class.
Declaration
public AspNetAntiForgery(Page page)Parameters
| Type | Name | Description |
|---|---|---|
| System.Web.UI.Page | page | The page. |
Properties
CookieName
Gets the name of the anti-forgery cookie.
Declaration
public string CookieName { get; }Property Value
| Type | Description |
|---|---|
| System.String | The name of the token. |
FieldName
Gets the name of the form field where to store the XSRF validation data.
Declaration
public string FieldName { get; }Property Value
| Type | Description |
|---|---|
| System.String | The name of the field. |
HeaderName
Gets the name of the header where to store the XSRF validation data.
Declaration
public string HeaderName { get; }Property Value
| Type | Description |
|---|---|
| System.String | The name of the header. |
Methods
CreateNewValidationToken()
Creates a new validation token and sets it to the cookie, overriding the existing value.
Declaration
public string CreateNewValidationToken()Returns
| Type | Description |
|---|---|
| System.String | The validation token. |
CreateValidationField(ClientScriptManager)
Adds the hidden anti-forgery field to a Web Forms page.
Declaration
public void CreateValidationField(ClientScriptManager scriptManager)Parameters
| Type | Name | Description |
|---|---|---|
| System.Web.UI.ClientScriptManager | scriptManager | The script manager for the current page. |
CreateValidationToken()
Gets the validation token from the cookie, or creates a new if the cookie does not exist.
Declaration
public string CreateValidationToken()Returns
| Type | Description |
|---|---|
| System.String | The validation token. |
RemoveCookie()
Removes the anti-forgery cookie.
Declaration
public void RemoveCookie()Remarks
Call this on login/logout to ensure we have a new session.
ValidateField()
Validates the current request by checking that the hidden field can be validated with the cookie data.
Declaration
public void ValidateField()ValidateOrigin()
Checking the current request for same origin.
Declaration
public void ValidateOrigin()ValidateToken(String)
Validates the string representation of the token against the anti-forgery cookie.
Declaration
public void ValidateToken(string token)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | token | The validation data. |
Remarks
This is primarily used in a non-WebForms scenario. For Web Forms you should call ValidateField instead.
