authorlevib <levib@microsoft.com>2012-04-07 03:40:59 +0400
committerlevib <levib@microsoft.com>2012-04-07 03:42:35 +0400
commitde43b6ad756800fd3b6e984ec65f9f37dbad723f (patch)
treedcf9b9af761a2ac8924b37084938a1bf79807883 /src/System.Web.Mvc
parenta257938cd04948862e4af29f44aa45ffaea86592 (diff)
Responding to customer and partner feedback re: the Anti-XSRF helpers.
What's new: - Programmatic configuration over various Anti-XSRF behaviors: -> The name of the cookie to use. -> Whether SSL is required. -> Ability to provide a nonce or other "custom data". - The exception message is now a little less cryptic. It tells you exactly which check failed (e.g. the cookie 'foo' was missing, the token was meant for a different user, etc.). - The system tries to detect if the current identity is degenerate (e.g. authenticated but without a name) and fails safe. The exception message specifies how to resolve the problem. (This check can be suppressed via config if necessary.) - Ability to get the cookie and form token strings directly if you want more manual control. - Built-in support for OpenID and Azure ACS (WIF). - For most consumers, the token size is smaller. Breaks: - The salt / domain / path parameters are all marked obsolete as errors. The customer can achieve the same effect by using the <httpCookies> configuration element or calling the AntiForgery.* APIs that are string-based. - Not compatible with MVC 1 / 2 / 3. However, this system makes it easier to recover gracefully when an old token is submitted. CR: marcind; bradwils SR: naziml
Diffstat (limited to 'src/System.Web.Mvc')
-rw-r--r--src/System.Web.Mvc/HtmlHelper.cs31
-rw-r--r--src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs25
2 files changed, 47 insertions, 9 deletions
diff --git a/src/System.Web.Mvc/HtmlHelper.cs b/src/System.Web.Mvc/HtmlHelper.cs
index d9a5d2d0..43c483bf 100644
--- a/src/System.Web.Mvc/HtmlHelper.cs
+++ b/src/System.Web.Mvc/HtmlHelper.cs
@@ -106,19 +106,44 @@ namespace System.Web.Mvc
return result;
}
+ [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "For consistency, all helpers are instance methods.")]
public MvcHtmlString AntiForgeryToken()
{
- return AntiForgeryToken(salt: null);
+ return new MvcHtmlString(AntiForgery.GetHtml().ToString());
}
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AdditionalDataProvider", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryConfig", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryToken", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "httpCookies", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "Method is obsolete.")]
+ [Obsolete("This method is deprecated. Use the AntiForgeryToken() method instead. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", error: true)]
+ [EditorBrowsable(EditorBrowsableState.Never)]
public MvcHtmlString AntiForgeryToken(string salt)
{
- return AntiForgeryToken(salt, domain: null, path: null);
+ if (!String.IsNullOrEmpty(salt))
+ {
+ throw new NotSupportedException("This method is deprecated. Use the AntiForgeryToken() method instead. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.");
+ }
+
+ return AntiForgeryToken();
}
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AdditionalDataProvider", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryConfig", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryToken", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "httpCookies", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "Method is obsolete.")]
+ [Obsolete("This method is deprecated. Use the AntiForgeryToken() method instead. To specify a custom domain for the generated cookie, use the <httpCookies> configuration element. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", error: true)]
+ [EditorBrowsable(EditorBrowsableState.Never)]
public MvcHtmlString AntiForgeryToken(string salt, string domain, string path)
{
- return new MvcHtmlString(AntiForgery.GetHtml(ViewContext.HttpContext, salt, domain, path).ToString());
+ if (!String.IsNullOrEmpty(salt) || !String.IsNullOrEmpty(domain) || !String.IsNullOrEmpty(path))
+ {
+ throw new NotSupportedException("This method is deprecated. Use the AntiForgeryToken() method instead. To specify a custom domain for the generated cookie, use the <httpCookies> configuration element. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.");
+ }
+
+ return AntiForgeryToken();
}
[SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "For consistency, all helpers are instance methods.")]
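Review bot: The new `AntiForgery.GetHtml()` call in `AntiForgeryToken()` takes no context, whereas the removed line passed `ViewContext.HttpContext`, so the helper no longer uses the context it was handed; presumably the token and cookie are now issued against whatever ambient request the helper resolves internally, which would matter for views rendered with a substituted HttpContextBase (test hosts, custom pipelines), and the same shift applies to the `ValidateAction()` call in the last hunk of ValidateAntiForgeryTokenAttribute.cs. If that is intended, a comment on `AntiForgeryToken()` such as `// Token and cookie are issued against the ambient request, not ViewContext.HttpContext` would spare the next reader from guessing. Separately, the deprecation text for each obsolete overload is written twice, once in `[Obsolete]` and once in the `NotSupportedException`; a `private const string` shared by the attribute and the throw would keep the two from drifting.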
diff --git a/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs b/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs
index b948a0b0..810344c0 100644
--- a/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs
+++ b/src/System.Web.Mvc/ValidateAntiForgeryTokenAttribute.cs
@@ -1,4 +1,6 @@
-using System.Diagnostics;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
using System.Web.Helpers;
namespace System.Web.Mvc
@@ -13,19 +15,30 @@ namespace System.Web.Mvc
{
}
- internal ValidateAntiForgeryTokenAttribute(Action<HttpContextBase, string> validateAction)
+ internal ValidateAntiForgeryTokenAttribute(Action validateAction)
{
Debug.Assert(validateAction != null);
ValidateAction = validateAction;
}
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AdditionalDataProvider", Justification = "API name.")]
+ [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "AntiForgeryConfig", Justification = "API name.")]
+ [Obsolete("The 'Salt' property is deprecated. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", error: true)]
+ [EditorBrowsable(EditorBrowsableState.Never)]
public string Salt
{
- get { return _salt ?? String.Empty; }
- set { _salt = value; }
+ get { return _salt; }
+ set
+ {
+ if (!String.IsNullOrEmpty(value))
+ {
+ throw new NotSupportedException("The 'Salt' property is deprecated. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.");
+ }
+ _salt = value;
+ }
}
- internal Action<HttpContextBase, string> ValidateAction { get; private set; }
+ internal Action ValidateAction { get; private set; }
public void OnAuthorization(AuthorizationContext filterContext)
{
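Review bot: The `Salt` getter drops the `?? String.Empty` fallback, so code already compiled against the old surface (the obsolete-as-error attribute only stops new compilations) now observes `null` where it previously got `""`; keeping `get { return _salt ?? String.Empty; }` preserves that contract at no cost. Also, `_salt` is still assigned by the setter but is no longer passed to `ValidateAction`, so after the next hunk it appears to be write-only; a comment on the field, declared outside this hunk, such as `// Retained for binary compatibility only; no longer feeds validation` would document that. `OnAuthorization` begins here and continues past the end of this hunk.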
@@ -34,7 +47,7 @@ namespace System.Web.Mvc
throw new ArgumentNullException("filterContext");
}
- ValidateAction(filterContext.HttpContext, Salt);
+ ValidateAction();
}
}
}