File: Forms\AntiforgeryToken.cs
Web Access
Project: src\src\Components\Web\src\Microsoft.AspNetCore.Components.Web.csproj (Microsoft.AspNetCore.Components.Web)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using Microsoft.AspNetCore.Components.Rendering;
using Microsoft.Extensions.DependencyInjection;
 
namespace Microsoft.AspNetCore.Components.Forms;
 
/// <summary>
/// Component that renders an antiforgery token as a hidden field.
/// </summary>
public class AntiforgeryToken : IComponent
{
    private RenderHandle _handle;
    private bool _hasRendered;
    private AntiforgeryRequestToken? _requestToken;
 
    [Inject] IServiceProvider Services { get; set; } = default!;
 
    void IComponent.Attach(RenderHandle renderHandle)
    {
        _handle = renderHandle;
        _requestToken = Services.GetService<AntiforgeryStateProvider>()?.GetAntiforgeryToken();
    }
 
    Task IComponent.SetParametersAsync(ParameterView parameters)
    {
        if (!_hasRendered)
        {
            _hasRendered = true;
            if (_requestToken != null)
            {
                _handle.Render(RenderField);
            }
        }
 
        return Task.CompletedTask;
    }
 
    private void RenderField(RenderTreeBuilder builder)
    {
        builder.OpenElement(0, "input");
        builder.AddAttribute(1, "type", "hidden");
        builder.AddAttribute(2, "name", _requestToken!.FormFieldName);
        builder.AddAttribute(3, "value", _requestToken.Value);
        builder.CloseElement();
    }
}