|
1 | | -//using System; |
2 | | -//using Microsoft.AspNetCore.Antiforgery; |
3 | | -//using Microsoft.AspNetCore.Authentication.JwtBearer; |
4 | | -//using Microsoft.AspNetCore.Mvc.Filters; |
5 | | -//using Microsoft.AspNetCore.Mvc.ViewFeatures.Internal; |
6 | | -//using Microsoft.Extensions.Logging; |
| 1 | +using System.Threading.Tasks; |
| 2 | +using Microsoft.AspNetCore.Antiforgery; |
| 3 | +using Microsoft.AspNetCore.Http; |
| 4 | +using Microsoft.AspNetCore.Mvc.Filters; |
7 | 5 |
|
8 | | -//namespace SimplCommerce.Infrastructure.Web |
9 | | -//{ |
10 | | -// public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter : AutoValidateAntiforgeryTokenAuthorizationFilter |
11 | | -// { |
12 | | -// public CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory) |
13 | | -// : base(antiforgery, loggerFactory) |
14 | | -// { |
15 | | -// } |
| 6 | +namespace SimplCommerce.Infrastructure.Web |
| 7 | +{ |
| 8 | + public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery) : IAsyncAuthorizationFilter |
| 9 | + { |
| 10 | + public async Task OnAuthorizationAsync(AuthorizationFilterContext context) |
| 11 | + { |
| 12 | + var httpContext = context.HttpContext; |
| 13 | + if (HttpMethods.IsGet(httpContext.Request.Method) || |
| 14 | + HttpMethods.IsHead(httpContext.Request.Method) || |
| 15 | + HttpMethods.IsOptions(httpContext.Request.Method) || |
| 16 | + HttpMethods.IsTrace(httpContext.Request.Method)) |
| 17 | + { |
| 18 | + return; |
| 19 | + } |
16 | 20 |
|
17 | | -// protected override bool ShouldValidate(AuthorizationFilterContext context) |
18 | | -// { |
19 | | -// if (context == null) |
20 | | -// { |
21 | | -// throw new ArgumentNullException(nameof(context)); |
22 | | -// } |
| 21 | + if (!httpContext.Request.Path.StartsWithSegments("/api")) |
| 22 | + { |
| 23 | + return; |
| 24 | + } |
23 | 25 |
|
24 | | -// if (!context.HttpContext.Request.Path.StartsWithSegments("/api")) |
25 | | -// { |
26 | | -// return false; |
27 | | -// } |
| 26 | + if (httpContext.User.Identity?.AuthenticationType != "Identity.Application") |
| 27 | + { |
| 28 | + return; |
| 29 | + } |
28 | 30 |
|
29 | | -// if (context.HttpContext.User.Identity?.AuthenticationType != "Identity.Application") |
30 | | -// { |
31 | | -// return false; |
32 | | -// } |
33 | | - |
34 | | -// return base.ShouldValidate(context); |
35 | | -// } |
36 | | -// } |
37 | | -//} |
| 31 | + await antiforgery.ValidateRequestAsync(httpContext); |
| 32 | + } |
| 33 | + } |
| 34 | +} |
0 commit comments