
Securing the Signature Endpoint with Custom ActionFilterAttributes

The HttpPost endpoint to which the signed document is forwarded can be in the same application or a completely different application. This tutorial will show you how to secure this endpoint through the use of custom filter attributes in ASP.NET Core.

Passing a Security Token

The RedirectUrlAfterSignature property specifies the endpoint to which the signature data and the signed document are forwarded. To protect this endpoint, a custom filter can be implemented and a unique security token can be passed to the HttpPost method.

The following MVC Razor code shows how to integrate the Document Viewer and the security token that is passed in the RedirectUrlAfterSignature property.

@using TXTextControl.Web.MVC.DocumentViewer

@Html.TXTextControl().DocumentViewer(settings => {
  settings.DocumentPath = "App_Data\\template.tx";
  settings.SignatureSettings = new SignatureSettings() {
    ShowSignatureBar = true,
    OwnerName = "Josh Jackson",
    SignerName = "Tim Typer",
    SignerInitials = "TT",
    UniqueId = "12345-12345-12345-12345",
    RedirectUrlAfterSignature = this.Url.Action(
      "HandleSignature",
      "Signature",
      new { secureID = "123" },
      Context.Request.Scheme,
      null),
    SignatureBoxes = new SignatureBox[] {
      new SignatureBox("txsign") { SigningRequired = true, Style = SignatureBox.SignatureBoxStyle.Signature },
      new SignatureBox("txsigninit") { SigningRequired = true, Style = SignatureBox.SignatureBoxStyle.Initials }
    }
  };
}).Render()

The above code passes the security token "123" to the specified HandleSignature endpoint.

Controller Attributes

The HandleSignature controller method is decorated with the custom ActionFilterAttribute CustomActionFilter.

[CustomActionFilter]
[HttpPost]
public IActionResult HandleSignature([FromBody] SignatureData data) {

  byte[] bPDF;

  // create temporary ServerTextControl
  using (TXTextControl.ServerTextControl tx = new TXTextControl.ServerTextControl()) {
    tx.Create();

    // load the document
    tx.Load(Convert.FromBase64String(data.SignedDocument.Document), TXTextControl.BinaryStreamType.InternalUnicodeFormat);

    //FlattenFormFields(tx);

    X509Certificate2 cert = new X509Certificate2("App_Data/textcontrolself.pfx", "123");

    var signatureFields = new List<DigitalSignature>();

    foreach (SignatureBox box in data.SignatureBoxes) {
      signatureFields.Add(new DigitalSignature(cert, null, box.Name));
    }

    TXTextControl.SaveSettings saveSettings = new TXTextControl.SaveSettings() {
      CreatorApplication = "Your Application",
      SignatureFields = signatureFields.ToArray()
    };

    // store the PDF in the database or send it to the client
    tx.Save(out bPDF, TXTextControl.BinaryStreamType.AdobePDFA, saveSettings);

    // alternatively, save the PDF to a file
    tx.Save("App_Data/signed.pdf", TXTextControl.StreamType.AdobePDFA, saveSettings);
  }

  // return any value to the client
  return Ok();
}

Filter Implementation

The custom filter implementation compares the security token and returns an error if the token is not valid.

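public class CustomActionFilter : ActionFilterAttribute {
  public override void OnActionExecuting(ActionExecutingContext filterContext) {
    // compare the token from the query string with the expected value
    if (filterContext.HttpContext.Request.Query["secureID"] != "123") {
      // setting Result short-circuits the pipeline, so HandleSignature is not executed
      filterContext.Result = new Microsoft.AspNetCore.Mvc.ContentResult() {
        // without an explicit status code, the response would be sent as 200 OK
        StatusCode = 403,
        Content = "Access denied"
      };
    }
  }
}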

In a real-world implementation, the security token would be uniquely generated server-side, stored in a database, and compared to the given parameter in the request.
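
One way to implement the real-world variant described above, as an added example that is not Text Control's own code: a random, single-use, expiring token is issued per signing request and redeemed in the filter. SignatureTokenStore and SignatureTokenFilter are hypothetical names, the in-memory dictionary stands in for the database, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical store; the dictionary stands in for a database table.
public class SignatureTokenStore {
  private readonly ConcurrentDictionary<string, DateTimeOffset> _tokens = new();

  // Only the SHA-256 hash is stored, so a leaked table does not reveal usable tokens.
  private static string Hash(string token) =>
    Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

  // Called when the viewer is rendered; the result goes into RedirectUrlAfterSignature.
  public string Issue(TimeSpan lifetime) {
    string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
    _tokens[Hash(token)] = DateTimeOffset.UtcNow.Add(lifetime);
    return token;
  }

  // Single use: the entry is removed on the first lookup, whether valid or expired.
  public bool Redeem(string? token) =>
    !string.IsNullOrEmpty(token)
    && _tokens.TryRemove(Hash(token), out DateTimeOffset expires)
    && expires > DateTimeOffset.UtcNow;
}

public class SignatureTokenFilter : ActionFilterAttribute {
  public override void OnActionExecuting(ActionExecutingContext context) {
    var store = context.HttpContext.RequestServices
      .GetRequiredService<SignatureTokenStore>();
    string? token = context.HttpContext.Request.Query["secureID"];

    if (!store.Redeem(token)) {
      // Short-circuit with 403 so that HandleSignature never runs.
      context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
    }
  }
}
```

The store is assumed to be registered as a singleton service, and the view would pass the value returned by Issue as secureID in place of the fixed "123". Because the token travels in the query string, it can appear in access logs; the short lifetime and single use limit what a logged value is worth.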
