Click or drag to resize

AntiForgeryGetTokens Method

Generates an anti-forgery token pair (cookie and form token) for this request. This method is similar to GetHtml(), but this method gives the caller control over how to persist the returned values. To validate these tokens, call the appropriate overload of Validate.

Namespace: GSF.Web.Security
Assembly: GSF.Web (in GSF.Web.dll) Version: 2.4.218-beta
Syntax
[EditorBrowsableAttribute(EditorBrowsableState.Advanced)]
public static void GetTokens(
	HttpRequestMessage request,
	string oldCookieToken,
	out string newCookieToken,
	out string formToken
)
View Source

Parameters

request  HttpRequestMessage
Request message.
oldCookieToken  String
The anti-forgery token - if any - that already existed for this request. May be null. The anti-forgery system will try to reuse this cookie value when generating a matching form token.
newCookieToken  String
Will contain a new cookie value if the old cookie token was null or invalid. If this value is non-null when the method completes, the caller must persist this value in the form of a response cookie, and the existing cookie value should be discarded. If this value is null when the method completes, the existing cookie value was valid and needn't be modified.
formToken  String
The value that should be stored in the <form>. The caller should take care not to accidentally swap the cookie and form tokens.
Remarks
Unlike the GetHtml() method, this method has no side effect. The caller is responsible for setting the response cookie and injecting the returned form token as appropriate.
See Also