IAntiForgeryAdditionalDataProvider
Allows providing or validating additional custom data for anti-forgery tokens. For example, the developer could use this to supply a nonce when the token is generated, then he could validate the nonce when the token is validated.
The anti-forgery system already embeds the client's username within the generated tokens. This interface provides and consumes <em>supplemental</em> data. If an incoming anti-forgery token contains supplemental data but no additional data provider is configured, the supplemental data will not be validated.
Assembly: ServiceStack.Razor.dll
View Source
public interface IAntiForgeryAdditionalDataProvider
Methods
GetAdditionalData(HttpContextBase)
Provides additional data to be stored for the anti-forgery tokens generated during this request.
View Source
string GetAdditionalData(HttpContextBase context)
Returns
System.String: Supplemental data to embed within the anti-forgery token.
Parameters
| Type | Name | Description |
|---|---|---|
System.Web.HttpContextBase | context | Information about the current request. |
|
ValidateAdditionalData(HttpContextBase, String)
Validates additional data that was embedded inside an incoming anti-forgery token.
View Source
bool ValidateAdditionalData(HttpContextBase context, string additionalData)
Returns
System.Boolean: True if the data is valid; false if the data is invalid.
Parameters
| Type | Name | Description |
|---|---|---|
System.Web.HttpContextBase | context | Information about the current request. |
|
| System.String | additionalData | Supplemental data that was embedded within the token.
|