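/// <summary>
/// Authorization filter that runs ASP.NET anti-forgery (CSRF) validation for both
/// classic form posts and script-driven requests. Script clients supply the token
/// pair in the <c>RequestVerificationToken</c> header as "cookieToken:formToken";
/// every other request is validated through the parameterless
/// <c>AntiForgery.Validate()</c> call.
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class MyValidateAntiForgeryTokenAttribute : System.Web.Mvc.FilterAttribute, System.Web.Mvc.IAuthorizationFilter
{
    // Header that carries the "cookieToken:formToken" pair for script clients.
    private const string TokenHeaderName = "RequestVerificationToken";

    /// <summary>
    /// Reads the token pair from the request header and validates it.
    /// </summary>
    /// <param name="request">The current request.</param>
    private void ValidateRequestHeader(HttpRequestBase request)
    {
        string cookieToken = String.Empty;
        string formToken = String.Empty;

        string tokenValue = request.Headers[TokenHeaderName];
        if (!String.IsNullOrEmpty(tokenValue))
        {
            string[] tokens = tokenValue.Split(':');
            if (tokens.Length == 2)
            {
                cookieToken = tokens[0].Trim();
                formToken = tokens[1].Trim();
            }
        }

        // Validate is called unconditionally: a missing or malformed header reaches it
        // as two empty tokens instead of skipping the check.
        AntiForgery.Validate(cookieToken, formToken);
    }

    /// <summary>
    /// Validates the anti-forgery token of the incoming request before the action runs.
    /// </summary>
    /// <param name="filterContext">Context of the request being authorized.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    /// <exception cref="HttpAntiForgeryException">Token validation failed.</exception>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        HttpRequestBase request = filterContext.HttpContext.Request;

        // IsAjaxRequest() keys off the client-supplied X-Requested-With header, which not
        // every script client sends. A request that carries the token header is therefore
        // also validated from the header. Both branches validate, so the choice of branch
        // never bypasses the check.
        bool hasTokenHeader = !String.IsNullOrEmpty(request.Headers[TokenHeaderName]);

        try
        {
            if (hasTokenHeader || request.IsAjaxRequest())
            {
                ValidateRequestHeader(request);
            }
            else
            {
                AntiForgery.Validate();
            }
        }
        catch (HttpAntiForgeryException e)
        {
            // The message text is kept as-is for anything that matches on it; the original
            // exception is attached so the actual failure reason is not lost when
            // investigating rejected requests.
            throw new HttpAntiForgeryException("Anti forgery token cookie not found", e);
        }
    }
}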
// POST: /Manage/ChangePassword
// Anti-forgery validation is performed by the custom [MyValidateAntiForgeryToken] filter
// rather than the stock [ValidateAntiForgeryToken], so the token pair can arrive in the
// RequestVerificationToken request header.
[HttpPost]
[MyValidateAntiForgeryToken]
public async Task<ActionResult> ChangePassword(ChangePasswordViewModel model)
{
    // Re-display the form when model binding or validation failed.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var changeResult = await UserManager.ChangePasswordAsync(
        User.Identity.GetUserId(),
        model.OldPassword,
        model.NewPassword);

    // Failure path first: surface the identity errors on the same view.
    if (!changeResult.Succeeded)
    {
        AddErrors(changeResult);
        return View(model);
    }

    // Password changed: sign the user in again with a non-persistent session.
    var currentUser = await UserManager.FindByIdAsync(User.Identity.GetUserId());
    if (currentUser != null)
    {
        await SignInManager.SignInAsync(currentUser, isPersistent: false, rememberBrowser: false);
    }

    return RedirectToAction("Index", new { Message = ManageMessageId.ChangePasswordSuccess });
}
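app.controller('MyCtrl', ['$scope', '$upload', '$http', function ($scope, $upload, $http) {
    // Posts the change-password fields to the MVC action together with the
    // anti-forgery token pair ("cookieToken:formToken") held in $scope.antiForgeryToken.
    $scope.sendpassword = function () {
        // The debugging alert that displayed the anti-forgery token was removed:
        // the token is a security value and has no reason to be shown on screen.
        $http({
            method: 'POST',
            url: '/Manage/ChangePassword',
            data: {
                OldPassword: $scope.OldPassword,
                NewPassword: $scope.NewPassword,
                ConfirmPassword: $scope.ConfirmPassword
            },
            headers: {
                'RequestVerificationToken': $scope.antiForgeryToken,
                // The server filter only reads the token header for requests that
                // IsAjaxRequest() recognises, and that check looks at X-Requested-With.
                // AngularJS does not necessarily add this header by default, so it is
                // set explicitly.
                'X-Requested-With': 'XMLHttpRequest'
            }
        }).success(function (data) {
            alert(data);
        });
    };
}]);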
@* The hidden field seeds $scope.antiForgeryToken with the "cookieToken:formToken" pair
   rendered by GetAntiForgeryToken(); the controller sends it in the
   RequestVerificationToken header when sendpassword() runs. *@
<form novalidate data-ng-submit="sendpassword()">
    <input type="hidden"
           id="antiForgeryToken"
           data-ng-model="antiForgeryToken"
           data-ng-init="antiForgeryToken='@GetAntiForgeryToken()'" />
</form>
@functions{
    // Builds the anti-forgery token pair for script clients and returns it as
    // "cookieToken:formToken", the format the server-side header check splits on ':'.
    // Passing null as the first argument supplies no existing cookie token.
    // This helper does not set a cookie itself: both halves are returned to the caller
    // and end up in the page markup.
    public string GetAntiForgeryToken()
    {
        string cookiePart;
        string formPart;
        AntiForgery.GetTokens(null, out cookiePart, out formPart);
        return string.Concat(cookiePart, ":", formPart);
    }
}