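// Anti-XSRF set-up: reuse the token from the request cookie when it parses as a GUID,
// otherwise mint a new one. The token is bound to the page through ViewStateUserKey.
var requestCookie = Request.Cookies[AntiXsrfTokenKey];
Guid requestCookieGuidValue;
if (requestCookie != null && TryParseGuid(requestCookie.Value, out requestCookieGuidValue))
{
    // Use the Anti-XSRF token from the cookie
    _antiXsrfTokenValue = requestCookie.Value;
    Page.ViewStateUserKey = _antiXsrfTokenValue;
}
else
{
    // No usable cookie: generate a fresh token for this request.
    _antiXsrfTokenValue = Guid.NewGuid().ToString("N");
    Page.ViewStateUserKey = _antiXsrfTokenValue;

    // For setting the AntiXSRF token value as a separate response header (XSRFHeader)
    // instead of a cookie - Start
    // NOTE(review): with the cookie write disabled, nothing visible here sends the token
    // back on the next request; the check above only reads Request.Cookies. Unless other
    // code copies XSRFHeader into that cookie, every request takes this branch and gets a
    // new token, so the PreLoad comparison cannot match on postback - confirm.
    //Response.Cookies.Set(responseCookie);
    Response.AppendHeader("XSRFHeader", _antiXsrfTokenValue);
}

Page.PreLoad += csrf_Page_PreLoad;

/// <summary>
/// PreLoad handler for the Anti-XSRF check. On the first GET it stores the token and the
/// current user name in ViewState; on postback it compares them with the values for this
/// request and ends the request with a redirect to the error page when they differ.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void csrf_Page_PreLoad(object sender, EventArgs e)
{
    // Fail closed: a postback is rejected unless the comparison below positively succeeds.
    // An exception during validation therefore rejects the request instead of being
    // swallowed and letting the postback through unchecked.
    bool rejectRequest = IsPostBack;

    try
    {
        Common.WriteDDSLog("csrf_Page_PreLoad Started ...............");

        if (!IsPostBack)
        {
            // Set Anti-XSRF token
            ViewState[AntiXsrfTokenKey] = Page.ViewStateUserKey;
            ViewState[AntiXsrfUserNameKey] = Context.User.Identity.Name ?? String.Empty;
        }
        else
        {
            // Validate the Anti-XSRF token and the user it was issued to
            rejectRequest =
                (string)ViewState[AntiXsrfTokenKey] != _antiXsrfTokenValue
                || (string)ViewState[AntiXsrfUserNameKey] != (Context.User.Identity.Name ?? String.Empty);
        }
    }
    catch (Exception ex)
    {
        // Record the failure; rejectRequest keeps its fail-closed value for postbacks.
        Common.WriteDDSLog("csrf_Page_PreLoad failed: " + ex.Message);
    }

    if (rejectRequest)
    {
        Common.WriteDDSLog("Validation of Anti-XSRF token failed in csrf_Page_PreLoad");

        // endResponse = true: stop processing here. With false the page lifecycle carries
        // on after the redirect is queued, so the postback's event handlers would still run
        // for a request that failed the token check. The call sits outside the try block so
        // the request termination is not intercepted by the catch above.
        Response.Redirect("~/CustomError.aspx", true);
    }
}
#endregion Code for adding anti-csrf token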
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)