Class AspNetAntiForgery

Integrates the cross-site request forgery prevention with ASP.NET

Inheritance

System.Object

AspNetAntiForgery

Namespace: EPiServer.Framework.Web

Assembly: EPiServer.Framework.AspNetCore.dll

Version: 12.0.3

Syntax

public class AspNetAntiForgery : Object

Constructors

AspNetAntiForgery(HttpRequest, HttpResponse, AspNetAntiForgeryOptions)

Initializes a new instance of the AspNetAntiForgery class.

Declaration

public AspNetAntiForgery(HttpRequest request, HttpResponse response, AspNetAntiForgeryOptions antiForgeryOptions)

Parameters

Type	Name	Description
Microsoft.AspNetCore.Http.HttpRequest	request	The request object.
Microsoft.AspNetCore.Http.HttpResponse	response	The response object.
AspNetAntiForgeryOptions	antiForgeryOptions	The anti-forgery options.

Properties

CookieName

Gets the name of the anti-forgery cookie.

Declaration

public string CookieName { get; }

Property Value

Type	Description
System.String	The name of the token.

FieldName

Gets the name of the form field where to store the XSRF validation data.

Declaration

public string FieldName { get; }

Property Value

Type	Description
System.String	The name of the field.

HeaderName

Gets the name of the header where to store the XSRF validation data.

Declaration

public string HeaderName { get; }

Property Value

Type	Description
System.String	The name of the header.

Methods

CreateNewValidationToken()

Creates a new validation token and sets it to the cookie, overriding the existing value.

Declaration

public string CreateNewValidationToken()

Returns

Type	Description
System.String	The validation token.

CreateValidationToken()

Gets the validation token from the cookie, or creates a new if the cookie does not exist.

Declaration

public string CreateValidationToken()

Returns

Type	Description
System.String	The validation token.

RemoveCookie()

Removes the anti-forgery cookie.

Declaration

public void RemoveCookie()

Remarks

Call this on login/logout to ensure we have a new session.

ValidateField()

Validates the current request by checking that the hidden field can be validated with the cookie data.

Declaration

public void ValidateField()

ValidateOrigin()

Checking the current request for same origin.

Declaration

public void ValidateOrigin()

ValidateToken(String)

Validates the string representation of the token against the anti-forgery cookie.

Declaration

public void ValidateToken(string token)

Parameters

Type	Name	Description
System.String	token	The validation data.

Remarks

This is primarily used in a non-WebForms scenario. For Web Forms you should call ValidateField instead.

Extension Methods

IdentityObjectExtensions.GetIdentity(Object)

IdentityObjectExtensions.SetIdentity(Object, Identity)

PropertyBagObjectsExtensions.ToPropertyBag(Object)

PropertyBagObjectsExtensions.ToPropertyBag(Object, IEnumerable<String>)

RuntimeModelExtensions.GetOriginalType(Object)