I just tried that and that is not working. I added in the code as you said with
system.webmodules, but can't seem to find out what system.webmodules is.
This is what I have in my web.config file
Code:
<system.webServer>
<modules>
<add name="AntiCSRF.AntiCSRF" preCondition="managedHandler"
type="AntiCSRF.AntiCSRF, AntiCSRF"/>
</modules>
</system.webServer>
This is what I have for AntiCSRF.cs
Code:
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.UI;
namespace AntiCSRF
{
class AntiCSRF : IHttpModule
{
public AntiCSRF()
{
}
#region IHttpModule Members
public void Dispose()
{
}
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += new EventHandler(context_PreSendRequestHeaders);
context.PreRequestHandlerExecute += new EventHandler(context_PreRequestHandlerExecute);
}
#endregion
#region Event Handlers
void context_PreRequestHandlerExecute(object sender, EventArgs e)
{
}
void context_PreSendRequestHeaders(object sender, EventArgs e)
{
}
private static void PreRequestHandlerExecute(object source, EventArgs eventArgs)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
if (context.Handler != null)
{
Page page = context.Handler as Page;
if (page != null)
{
page.PreRender += PagePreRender;
}
}
}
private static void PagePreRender(object source, EventArgs eventArgs)
{
Page page = source as Page;
if (page != null && page.Form != null)
{
string csrfToken;
HttpContext context = HttpContext.Current;
if (context.Request == null ||
context.Request.Cookies == null ||
context.Request.Cookies["__CSRFCOOKIE"] == null ||
string.IsNullOrEmpty(context.Request.Cookies["__CSRFCOOKIE"].Value))
{
csrfToken = Guid.NewGuid().ToString("D", CultureInfo.InvariantCulture);
context.Items["Wrox.CSRFContext"] = csrfToken;
}
else
csrfToken = page.Request.Cookies["__CSRFCOOKIE"].Value;
ObjectStateFormatter stateFormatter = new ObjectStateFormatter();
page.ClientScript.RegisterHiddenField("__CSRFTOKEN", stateFormatter.Serialize(csrfToken));
}
}
#endregion
}
}
I also took your suggestion to look over Leveraging_HTTPModules_for_Better_ASPNET_Applicati on and couldn't find any reference to system.webmodules either. Maybe I'm missing something.
Thanks again in advance.