This project is read-only.

How to exclude only one action from anti-forgery validation

Topics: Administration, Core, General, Writing modules, Writing themes
Jun 20, 2014 at 5:01 AM
I have very big module. i used "AntiForgery: enabled" in its manifest. i need to exclude only one action method of this big module from anti-forgery validation because it must be accessed from a payment service provider to send payment result. PSP does not send antiforgery token.
I know that i can remove "AntiForgery: enabled" from manifest and use attribute to enable validation on all actions but is it possible to keep "AntiForgery: enabled" and exclude only one?.
Jun 26, 2014 at 4:24 AM
In vanilla MVC when I need to do selective token validation I roll my own FilterAttribute and decorate my controller with it [myValidateAntiForgeryToken ] instead of the default [ValidateAntiForgeryToken]
[AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class myValidateAntiForgeryTokenAttribute : FilterAttribute,     IAuthorizationFilter
Perhaps you can adapt such an approach with orchard,