|
Anti
|
Generates an anti-forgery token pair (cookie and form token) for this request.
This method is similar to GetHtml(), but this method gives the caller control
over how to persist the returned values. To validate these tokens, call the
appropriate overload of Validate.
Namespace: GSF.Web.Security
Assembly: GSF.Web (in GSF.Web.dll) Version: 2.4.258-beta
Syntax[EditorBrowsableAttribute(EditorBrowsableState.Advanced)] public static void GetTokens( HttpRequestMessage request, string oldCookieToken, out string newCookieToken, out string formToken )
Parameters
- request HttpRequestMessage
- Request message.
- oldCookieToken String
- The anti-forgery token - if any - that already existed for this request. May be null. The anti-forgery system will try to reuse this cookie value when generating a matching form token.
- newCookieToken String
- Will contain a new cookie value if the old cookie token was null or invalid. If this value is non-null when the method completes, the caller must persist this value in the form of a response cookie, and the existing cookie value should be discarded. If this value is null when the method completes, the existing cookie value was valid and needn't be modified.
- formToken String
- The value that should be stored in the <form>. The caller should take care not to accidentally swap the cookie and form tokens.
Remarks
Unlike the GetHtml() method, this method has no side effect. The caller
is responsible for setting the response cookie and injecting the returned
form token as appropriate.
See Also