Click or drag to resize

GSF.Web.Security Namespace
Contains classes that provide role based security functionality for MVC and SignalR applications.
Classes
  Class Description
Public class AntiForgery Provides access to the anti-forgery system, which provides protection against Cross-site Request Forgery (CSRF, also called XSRF) attacks.
Public class AntiForgeryConfig Provides programmatic configuration for the anti-forgery token system.
Public class AppBuilderExtensions Represents IAppBuilder extension functions for GSF authentication middle-ware.
Public class AuthenticationHandler Handles authentication using the configured ISecurityProvider implementation in the Owin pipeline.
Public class AuthenticationMiddleware Middle-ware for configuring authentication using ISecurityProvider in the Owin pipeline.
Public class AuthenticationOptions Represents options for authentication using AuthenticationHandler.
Public class AuthenticationOptionsExtensions Extension methods for authentication options.
Public class AuthorizationCache Defines authorization cache.
Public class AuthorizeControllerRoleAttribute Defines an MVC filter attribute to handle the GSF role based security model.
Public class AuthorizeHubRoleAttribute Defines a SignalR authorization attribute to handle the GSF role based security model.
Public class HttpConfigurationExtensions Represents HttpConfiguration extension functions for GSF authentication middle-ware.
Public class ReadonlyAuthenticationOptions Represents an immutable version of AuthenticationOptions.
Public class SecurityHub Defines a SignalR security hub for managing users, groups and SID management.
Public class SessionHandler Represents an HTTP messaging handler that can inject a session ID that can be used for security and user state.
Public class ValidateRequestVerificationTokenAttribute Requests that the controller or method validate the anti-forgery request verification token values found in the HTTP headers.
Interfaces
  Interface Description
Public interface IAntiForgeryAdditionalDataProvider Allows providing or validating additional custom data for anti-forgery tokens. For example, the developer could use this to supply a nonce when the token is generated, then he could validate the nonce when the token is validated.