I am playing around with ASP vnext and AngularJS. I have set up a Web API, am using some controllers and am using angular to do some web-magic.
I have followed most of this guide to get my project up and running: http://stephenwalther.com/archive/2015/01/29/asp-net-5-and-angularjs-part-6-security
... which works fine. I have set up my db and such and I have things working. I have the identity framework set up too but I am not using it as of yet.
I want to post some data to the WebAPI. Which also works fine, but now I want to do it while using anti forgery tokens. I have googled a lot and I guess this makes the most sense: novablog
However: this uses System.Web.Helpers to create the tokens and validate them. They are not available anymore in vnext. I cannot figure out what to use to create and validate the tokens now.
Any ideas?
Following is an example from the ASP.NET 5's MusicStore sample:
https://github.com/aspnet/MusicStore/blob/master/src/MusicStore/Controllers/ShoppingCartController.cs#L62
Snippet from the above link(Note that you can use the [FromServices] AntiForgery antiforgery
as a parameter to the action if you do no like how the link does above):
[HttpPost]
public async Task<IActionResult> RemoveFromCart(int id)
{
var formParameters = await Context.Request.ReadFormAsync();
var requestVerification = formParameters["RequestVerificationToken"];
string cookieToken = null;
string formToken = null;
if (!string.IsNullOrWhiteSpace(requestVerification))
{
var tokens = requestVerification.Split(':');
if (tokens != null && tokens.Length == 2)
{
cookieToken = tokens[0];
formToken = tokens[1];
}
}
var antiForgery = Context.RequestServices.GetService<AntiForgery>();
antiForgery.Validate(Context, new AntiForgeryTokenSet(formToken, cookieToken));
......
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With