ASP.NET MVC Antiforgery Token in AngularJS Template -


in razor view can following form generate antiforgery token:

<form .....>     @html.antiforgerytoken() </form> 

how can generate these antiforgerytoken outside razor view (vanilla html)? in particularly inside angular html template. have pass value angular application or have make call angular application in order retrieve it?

i found workaround using token. need create custom filter, instead of having [validateantiforgerytoken] filter have custom one, picks token header rather cookies. not remember source retrieved here is.

created filter class.

using system; using system.linq; using system.net.http; using system.web.helpers; using system.web.http.filters;  namespace cateringapplication.filters {     public sealed class validatecustomantiforgerytokenattribute : actionfilterattribute     {         public override void onactionexecuting(system.web.http.controllers.httpactioncontext actioncontext)         {             if (actioncontext == null)             {                 throw new argumentnullexception("actioncontext");             }             var headers = actioncontext.request.headers;             var cookie = headers                 .getcookies()                 .select(c => c[antiforgeryconfig.cookiename])                 .firstordefault();             var tokenfromheader = "";             if (headers.contains("x-xsrf-token"))                 tokenfromheader = headers.getvalues("x-xsrf-token").firstordefault();             antiforgery.validate(cookie != null ? cookie.value : null, tokenfromheader);              base.onactionexecuting(actioncontext);         }     } } 

then in angular used following retrieve token page, , add header.

app.run(['$http', function ($http) {     $http.defaults.headers.common['x-xsrf-token'] =         angular.element('input[name="__requestverificationtoken"]').attr('value'); }]); 

lastly change filter to: [validatecustomantiforgerytokenattribute]

update did not elaborate how , generated token. generated token through @html.antiforgerytoken()inside razor view within form, meaning token shared angular templates regardless of route token outside ng-view.


Comments

Popular posts from this blog

java - UnknownEntityTypeException: Unable to locate persister (Hibernate 5.0) -

python - ValueError: empty vocabulary; perhaps the documents only contain stop words -

ubuntu - collect2: fatal error: ld terminated with signal 9 [Killed] -