Class AspNetAntiForgery

Integrates the cross-site request forgery prevention with ASP.NET

Inheritance

System.Object

AspNetAntiForgery

Inherited Members

System.Object.ToString()

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

Namespace: EPiServer.Framework.Web

Assembly: EPiServer.Framework.AspNet.dll

Version: 11.20.7

Syntax

public class AspNetAntiForgery

Constructors

AspNetAntiForgery(HttpRequestBase, HttpResponseBase)

Initializes a new instance of the AspNetAntiForgery class.

Declaration

public AspNetAntiForgery(HttpRequestBase request, HttpResponseBase response)

Parameters

Type	Name	Description
System.Web.HttpRequestBase	request	The request object.
System.Web.HttpResponseBase	response	The response object.

AspNetAntiForgery(HttpRequestBase, HttpResponseBase, AspNetAntiForgeryOptions)

Initializes a new instance of the AspNetAntiForgery class.

Declaration

public AspNetAntiForgery(HttpRequestBase request, HttpResponseBase response, AspNetAntiForgeryOptions antiForgeryOptions)

Parameters

Type	Name	Description
System.Web.HttpRequestBase	request	The request object.
System.Web.HttpResponseBase	response	The response object.
AspNetAntiForgeryOptions	antiForgeryOptions	The anti-forgery options.

AspNetAntiForgery(Page)

Initializes a new instance of the AspNetAntiForgery class.

Declaration

public AspNetAntiForgery(Page page)

Parameters

Type	Name	Description
System.Web.UI.Page	page	The page.

Properties

CookieName

Gets the name of the anti-forgery cookie.

Declaration

public string CookieName { get; }

Property Value

Type	Description
System.String	The name of the token.

FieldName

Gets the name of the form field where to store the XSRF validation data.

Declaration

public string FieldName { get; }

Property Value

Type	Description
System.String	The name of the field.

HeaderName

Gets the name of the header where to store the XSRF validation data.

Declaration

public string HeaderName { get; }

Property Value

Type	Description
System.String	The name of the header.

Methods

CreateNewValidationToken()

Creates a new validation token and sets it to the cookie, overriding the existing value.

Declaration

public string CreateNewValidationToken()

Returns

Type	Description
System.String	The validation token.

CreateValidationField(ClientScriptManager)

Adds the hidden anti-forgery field to a Web Forms page.

Declaration

public void CreateValidationField(ClientScriptManager scriptManager)

Parameters

Type	Name	Description
System.Web.UI.ClientScriptManager	scriptManager	The script manager for the current page.

CreateValidationToken()

Gets the validation token from the cookie, or creates a new if the cookie does not exist.

Declaration

public string CreateValidationToken()

Returns

Type	Description
System.String	The validation token.

RemoveCookie()

Removes the anti-forgery cookie.

Declaration

public void RemoveCookie()

Remarks

Call this on login/logout to ensure we have a new session.

ValidateField()

Validates the current request by checking that the hidden field can be validated with the cookie data.

Declaration

public void ValidateField()

ValidateOrigin()

Checking the current request for same origin.

Declaration

public void ValidateOrigin()

ValidateToken(String)

Validates the string representation of the token against the anti-forgery cookie.

Declaration

public void ValidateToken(string token)

Parameters

Type	Name	Description
System.String	token	The validation data.

Remarks

This is primarily used in a non-WebForms scenario. For Web Forms you should call ValidateField instead.

Extension Methods

IdentityObjectExtensions.GetIdentity(Object)

IdentityObjectExtensions.SetIdentity(Object, Identity)

PropertyBagObjectsExtensions.ToPropertyBag(Object)

PropertyBagObjectsExtensions.ToPropertyBag(Object, IEnumerable<String>)

RuntimeModelExtensions.GetOriginalType(Object)