42 lines
		
	
	
		
			1.5 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			42 lines
		
	
	
		
			1.5 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|  | using System.Net; | |||
|  | using System.Web.Helpers; | |||
|  | using System.Web.Mvc; | |||
|  | 
 | |||
|  | namespace Learun.Application.Web | |||
|  | { | |||
|  |     /// <summary> | |||
|  |     /// 版 本 PIT-ADMS V7.0.3 敏捷开发框架 | |||
|  |     /// Copyright (c) 2013-2018 Hexagon PPM | |||
|  |     /// 创建人:-框架开发组 | |||
|  |     /// 日 期:2017.03.08 | |||
|  |     /// 描 述:防伪验证 | |||
|  |     /// </summary> | |||
|  |     public class HandlerValidateAntiForgeryTokenAttribute:AuthorizeAttribute | |||
|  |     { | |||
|  |         /// <summary> | |||
|  |         /// 拦截器 | |||
|  |         /// </summary> | |||
|  |         /// <param name="filterContext">http上下文</param> | |||
|  |         public override void OnAuthorization(AuthorizationContext filterContext) | |||
|  |         { | |||
|  |             var request = filterContext.HttpContext.Request; | |||
|  |             if (request.HttpMethod == WebRequestMethods.Http.Post) | |||
|  |             { | |||
|  |                 if (request.IsAjaxRequest()) | |||
|  |                 { | |||
|  |                     var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName]; | |||
|  |                     var cookieValue = antiForgeryCookie != null | |||
|  |                      ? antiForgeryCookie.Value | |||
|  |                      : null; | |||
|  |                     //从cookies 和 Headers 中 验证防伪标记 | |||
|  |                     //这里可以加try-catch | |||
|  |                     AntiForgery.Validate(cookieValue, request.Headers["__RequestVerificationToken"]); | |||
|  |                 } | |||
|  |                 else | |||
|  |                 { | |||
|  |                     new ValidateAntiForgeryTokenAttribute().OnAuthorization(filterContext); | |||
|  |                 } | |||
|  |             } | |||
|  |         } | |||
|  |     } | |||
|  | } |