Try our conversational search powered by Generative AI!

AI OnAI Off

Class AspNetAntiForgery

Integrates the cross-site request forgery prevention with ASP.NET

Inheritance
System.Object
AspNetAntiForgery
Inherited Members
System.Object.ToString()
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
Namespace: EPiServer.Framework.Web
Assembly: EPiServer.Framework.dll
Version: 8.11.0
Syntax
public class AspNetAntiForgery

Constructors

AspNetAntiForgery(HttpRequestBase, HttpResponseBase)

Initializes a new instance of the AspNetAntiForgery class.

Declaration
public AspNetAntiForgery(HttpRequestBase request, HttpResponseBase response)
Parameters
Type Name Description
System.Web.HttpRequestBase request

The request object.
System.Web.HttpResponseBase response

The response object.

AspNetAntiForgery(Page)

Initializes a new instance of the AspNetAntiForgery class.

Declaration
public AspNetAntiForgery(Page page)
Parameters
Type Name Description
System.Web.UI.Page page

The page.

Properties

CookieName

Gets the name of the anti-forgery cookie.

Declaration
public string CookieName { get; }
Property Value
Type Description
System.String

The name of the token.
Remarks

This name is used both to identify the cookie as well as the hidden field.

FieldName

Gets the name of the form field where to store the XSRF validation data.

Declaration
public string FieldName { get; }
Property Value
Type Description
System.String

The name of the field.

HeaderName

Gets the name of the header where to store the XSRF validation data.

Declaration
public string HeaderName { get; }
Property Value
Type Description
System.String

The name of the header.

Methods

CreateValidationField(ClientScriptManager)

Adds the hidden anti-forgery field to a Web Forms page.

Declaration
public void CreateValidationField(ClientScriptManager scriptManager)
Parameters
Type Name Description
System.Web.UI.ClientScriptManager scriptManager

The script manager for the current page.
Remarks

If the request is not authenticated, this method does nothing.

CreateValidationToken()

Creates the validation token based on cookie.

Declaration
public string CreateValidationToken()
Returns
Type Description
System.String

The validation token.
Remarks

This method will return empty string if the request is not authenticated.

The anti-forgery cookie will be created if it does not exist.

RemoveCookie()

Removes the anti-forgery cookie.

Declaration
public void RemoveCookie()
Remarks

Call this on login/logout to ensure we have a new session.

ValidateField()

Validates the current request by checking that the hidden field can be validated with the cookie data.

Declaration
public void ValidateField()

ValidateToken(String)

Validates the string representation of the token against the anti-forgery cookie.

Declaration
public void ValidateToken(string token)
Parameters
Type Name Description
System.String token

The validation data.
Remarks

This is primarily used in a non-WebForms scenario. For Web Forms you should call ValidateField instead.