init
commit
e124a47765
19374 changed files with 9806149 additions and 0 deletions
KretaWeb/Security
48
KretaWeb/Security/MvcValidateAjaxAntiForgeryToken.cs
Normal file
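--- a/KretaWeb/Security/MvcValidateAjaxAntiForgeryToken.cs
+++ b/KretaWeb/Security/MvcValidateAjaxAntiForgeryToken.cs
@@ -0,0 +1,48 @@
+using System;
+using System.Linq;
+using System.Net;
+using System.Web.Helpers;
+using System.Web.Mvc;
+
+namespace Kreta.Web.Security
+{
+/// <summary>
+/// Validálja az Ajax hívások esetén a tokent csak az Ajaxhelper.js álltal küldött ajax hívás tartalmazza a tokent
+/// </summary>
+[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
+public class MvcValidateAjaxAntiForgeryToken : AuthorizeAttribute
+{
+
+public override void OnAuthorization(AuthorizationContext filterContext)
+{
+if (filterContext?.HttpContext?.Request.Headers != null)
+{
+
+var headerToken = filterContext.HttpContext
+.Request
+.Headers
+.GetValues("X-Request-Verification-Token");
+
+var cookieToken = filterContext.HttpContext
+.Request
+.Cookies[AntiForgeryConfig.CookieName];
+
+if (cookieToken == null || headerToken == null)
+{
+filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, Resources.ErrorResource.NincsJogaAzOldalMegtekintesehez);
+}
+else
+{
+try
+{
+AntiForgery.Validate(cookieToken.Value, headerToken.FirstOrDefault());
+}
+catch
+{
+filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, Resources.ErrorResource.NincsJogaAzOldalMegtekintesehez);
+}
+}
+}
+}
+}
+}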
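Review bot: The anti-forgery check fails open: when the outer guard `if (filterContext?.HttpContext?.Request.Headers != null)` is false there is no else branch, so OnAuthorization returns without setting `filterContext.Result` and the request proceeds unvalidated. Reject up front instead, e.g. `if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));`, and set the 403 result on every path where the cookie/header pair was not validated. The bare `catch` also turns every exception into a silent token failure; narrowing it to `catch (HttpAntiForgeryException)` keeps unexpected errors visible in logs. Because the class derives from AuthorizeAttribute but never calls `base.OnAuthorization`, it performs no authentication check of its own, which the summary comment should state so the attribute is not mistaken for a replacement for `[Authorize]`.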