using System;
using System.Linq;
using System.Net;
using System.Web.Helpers;
using System.Web.Mvc;
namespace Kreta.Web.Security
{
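/// <summary>
/// Validates the anti-forgery token on Ajax calls. Only requests sent through
/// Ajaxhelper.js carry the token: it is read from the
/// "X-Request-Verification-Token" request header and checked against the
/// anti-forgery cookie. Any request that cannot be validated is rejected with
/// 403 Forbidden, so the check fails closed.
/// </summary>
/// <remarks>
/// NOTE(review): base.OnAuthorization is not called, so this attribute does not
/// perform the authentication check of <see cref="AuthorizeAttribute"/> — confirm
/// that protected actions also carry [Authorize] where authentication is required.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class MvcValidateAjaxAntiForgeryToken : AuthorizeAttribute
{
    /// <summary>Request header in which Ajaxhelper.js sends the form token.</summary>
    private const string HeaderName = "X-Request-Verification-Token";

    /// <summary>
    /// Validates the anti-forgery header/cookie pair of the current request and
    /// short-circuits the action with 403 Forbidden when validation fails.
    /// </summary>
    /// <param name="filterContext">The MVC authorization context; never null when invoked by the pipeline.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException(nameof(filterContext));
        }

        var request = filterContext.HttpContext?.Request;

        // A request without headers cannot present a token. The earlier version let such
        // a request through untouched (fail open); it is now rejected like any other
        // request that fails validation.
        if (request?.Headers == null)
        {
            Forbid(filterContext);
            return;
        }

        var headerTokens = request.Headers.GetValues(HeaderName);
        var cookieToken = request.Cookies[AntiForgeryConfig.CookieName];

        if (cookieToken == null || headerTokens == null)
        {
            Forbid(filterContext);
            return;
        }

        try
        {
            // Only the first header value is checked; additional values are ignored.
            AntiForgery.Validate(cookieToken.Value, headerTokens.FirstOrDefault());
        }
        catch
        {
            // Every failure — HttpAntiForgeryException or anything unexpected from the
            // validation path — is treated as forbidden so the check never lets a
            // request through by accident.
            Forbid(filterContext);
        }
    }

    /// <summary>Short-circuits the request with 403 Forbidden and the shared "no permission" message.</summary>
    private static void Forbid(AuthorizationContext filterContext)
    {
        filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, Resources.ErrorResource.NincsJogaAzOldalMegtekintesehez);
    }
}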
}