2013-08-06 42 views

回答


我最後建立了一個 RequestFilterAttribute,功能與 ASP.NET MVC 所提供的類似。

以下是我目前完成的程式碼:

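/// <summary>
/// ServiceStack request filter that answers HTTP 403 and stops the request unless it carries a
/// valid ASP.NET anti-forgery (CSRF) token pair.
/// </summary>
/// <remarks>
/// Requests sent with <c>X-Requested-With: XMLHttpRequest</c> are validated from the anti-forgery
/// cookie plus the <c>__RequestVerificationToken</c> request header; every other request goes
/// through <c>AntiForgery.Validate()</c>. The X-Requested-With header is client-supplied, so it
/// only selects which validation path runs; both paths validate the token.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false, AllowMultiple = false)]
public class ValidateHttpAntiForgeryToken : RequestFilterAttribute
{
    // Name of the request header that AJAX callers use to send the form token.
    private const string TokenHeaderName = "__RequestVerificationToken";

    /// <summary>
    /// Validates the anti-forgery token of the incoming request and rejects the request on failure.
    /// </summary>
    /// <param name="req">Incoming request; its headers and cookies are read.</param>
    /// <param name="res">Response that receives the 403 status when validation fails.</param>
    /// <param name="requestDto">Deserialized request DTO; not used by this filter.</param>
    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        try
        {
            if (IsAjaxRequest(req))
            {
                ValidateRequestHeader(req);
            }
            else
            {
                // Parameterless overload reads the cookie and the form field from the current
                // ASP.NET HttpContext, so this branch only works when hosted on ASP.NET.
                AntiForgery.Validate();
            }
        }
        catch (Exception)
        {
            // Any failure denies the request (fail closed). The status text is a fixed string so
            // exception details are not echoed back to the caller.
            res.StatusCode = 403;
            res.StatusDescription = "Anti-forgery validation failed";

            // Setting the status alone does not stop the pipeline: the response has to be closed,
            // otherwise the service method still runs for the forged request.
            // NOTE(review): confirm Close() is the short-circuit call for the ServiceStack version in use.
            res.Close();
        }
    }

    /// <summary>
    /// Validates the anti-forgery cookie against the token sent in the request header.
    /// </summary>
    /// <param name="req">Incoming request whose cookies and headers are inspected.</param>
    /// <exception cref="HttpAntiForgeryException">
    /// The cookie or the header is missing, or the pair does not validate.
    /// </exception>
    private void ValidateRequestHeader(IHttpRequest req)
    {
        // Exact, ordinal name match: a substring match would also accept any other cookie whose
        // name merely contains the anti-forgery cookie name.
        var cookie = req.Cookies.FirstOrDefault(
            c => String.Equals(c.Value.Name, AntiForgeryConfig.CookieName, StringComparison.Ordinal));
        if (cookie.Value == null)
        {
            throw new HttpAntiForgeryException(String.Format("Missing {0} cookie", AntiForgeryConfig.CookieName));
        }

        IEnumerable<string> tokenHeaders = req.Headers.GetValues(TokenHeaderName);
        if (tokenHeaders == null || !tokenHeaders.Any())
        {
            // The message names the header that is actually read above.
            throw new HttpAntiForgeryException(String.Format("Missing {0} HTTP header", TokenHeaderName));
        }

        AntiForgery.Validate(cookie.Value.Value, tokenHeaders.FirstOrDefault());
    }

    /// <summary>
    /// Reports whether the request declares itself as an XMLHttpRequest call.
    /// </summary>
    /// <param name="request">Incoming request whose headers are inspected.</param>
    /// <returns>
    /// <c>true</c> when the first X-Requested-With value equals "XMLHttpRequest" (case-insensitive);
    /// otherwise <c>false</c>.
    /// </returns>
    private static bool IsAjaxRequest(IHttpRequest request)
    {
        IEnumerable<string> requestedWith = request.Headers.GetValues("X-Requested-With");
        if (requestedWith == null)
        {
            return false;
        }

        // String.Equals treats a null first value as "not equal", which covers the missing/empty case.
        return String.Equals(requestedWith.FirstOrDefault(), "XMLHttpRequest", StringComparison.OrdinalIgnoreCase);
    }
}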
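/// <summary>
/// ServiceStack request filter that answers HTTP 403 and stops the request unless it carries a
/// valid ASP.NET anti-forgery (CSRF) token pair.
/// </summary>
/// <remarks>
/// Requests sent with <c>X-Requested-With: XMLHttpRequest</c> are validated from the anti-forgery
/// cookie plus the <c>__RequestVerificationToken</c> request header; every other request goes
/// through <c>AntiForgery.Validate()</c>. The X-Requested-With header is client-supplied, so it
/// only selects which validation path runs; both paths validate the token.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false, AllowMultiple = false)]
public class ValidateHttpAntiForgeryToken : RequestFilterAttribute
{
    // Name of the request header that AJAX callers use to send the form token.
    private const string TokenHeaderName = "__RequestVerificationToken";

    /// <summary>
    /// Validates the anti-forgery token of the incoming request and rejects the request on failure.
    /// </summary>
    /// <param name="req">Incoming request; its headers and cookies are read.</param>
    /// <param name="res">Response that receives the 403 status when validation fails.</param>
    /// <param name="requestDto">Deserialized request DTO; not used by this filter.</param>
    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        try
        {
            if (IsAjaxRequest(req))
            {
                ValidateRequestHeader(req);
            }
            else
            {
                // Parameterless overload reads the cookie and the form field from the current
                // ASP.NET HttpContext, so this branch only works when hosted on ASP.NET.
                AntiForgery.Validate();
            }
        }
        catch (Exception)
        {
            // Any failure denies the request (fail closed). The status text is a fixed string so
            // exception details are not echoed back to the caller.
            res.StatusCode = 403;
            res.StatusDescription = "Anti-forgery validation failed";

            // Setting the status alone does not stop the pipeline: the response has to be closed,
            // otherwise the service method still runs for the forged request.
            // NOTE(review): confirm Close() is the short-circuit call for the ServiceStack version in use.
            res.Close();
        }
    }

    /// <summary>
    /// Validates the anti-forgery cookie against the token sent in the request header.
    /// </summary>
    /// <param name="req">Incoming request whose cookies and headers are inspected.</param>
    /// <exception cref="HttpAntiForgeryException">
    /// The cookie or the header is missing, or the pair does not validate.
    /// </exception>
    private void ValidateRequestHeader(IHttpRequest req)
    {
        // Exact, ordinal name match: a substring match would also accept any other cookie whose
        // name merely contains the anti-forgery cookie name.
        var cookie = req.Cookies.FirstOrDefault(
            c => String.Equals(c.Value.Name, AntiForgeryConfig.CookieName, StringComparison.Ordinal));
        if (cookie.Value == null)
        {
            throw new HttpAntiForgeryException(String.Format("Missing {0} cookie", AntiForgeryConfig.CookieName));
        }

        IEnumerable<string> tokenHeaders = req.Headers.GetValues(TokenHeaderName);
        if (tokenHeaders == null || !tokenHeaders.Any())
        {
            // The message names the header that is actually read above.
            throw new HttpAntiForgeryException(String.Format("Missing {0} HTTP header", TokenHeaderName));
        }

        AntiForgery.Validate(cookie.Value.Value, tokenHeaders.FirstOrDefault());
    }

    /// <summary>
    /// Reports whether the request declares itself as an XMLHttpRequest call.
    /// </summary>
    /// <param name="request">Incoming request whose headers are inspected.</param>
    /// <returns>
    /// <c>true</c> when the first X-Requested-With value equals "XMLHttpRequest" (case-insensitive);
    /// otherwise <c>false</c>.
    /// </returns>
    private static bool IsAjaxRequest(IHttpRequest request)
    {
        IEnumerable<string> requestedWith = request.Headers.GetValues("X-Requested-With");
        if (requestedWith == null)
        {
            return false;
        }

        // String.Equals treats a null first value as "not equal", which covers the missing/empty case.
        return String.Equals(requestedWith.FirstOrDefault(), "XMLHttpRequest", StringComparison.OrdinalIgnoreCase);
    }
}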

謝謝 @Jon Canning,我之前看過這段程式碼,但我還是看不出要如何針對服務方法實作完整的 Xsrf 驗證? –


我知道可以使用 @Html.AntiForgeryToken() 輔助方法來產生令牌,現在我要找的是用來驗證請求的篩選器(filter)或屬性(attribute),如 http://kamranicus.com/Blog/Posts/70/protip-using-anti-forgery-token-with-aspnet-web-ap –


實際上,這就是我所問的:「我認爲解決方案可以是建立自訂的 RequestFilterAttribute,還有其他想法嗎?」我只是想問有沒有其他選項 –
