The HttpPost endpoint to which the signed document is forwarded can be in the same application or it can be in a completely different application. This tutorial will show you how to secure this endpoint through the use of custom filter attributes in ASP.NET Core.

Passing a Security Token

To provide an endpoint to forward the signature data and the signed document, the RedirectUrlAfterSignature property can be used. For protection of this endpoint, a custom filter can be implemented and a unique security token can be passed to the HttpPost method.

The following MVC Razor code shows how to integrate the Document Viewer and the security token that is passed in the RedirectUrlAfterSignature property.


The above code passes the security token "123" to the specified HandleSignature endpoint.

Controller Attributes

A custom ActionFilterAttribute CustomActionFilter is provided in the HandleSignature controller method.


Filter Implementation

The custom filter implementation compares the security token and returns an error if the token is not valid.


In a real-world implementation, the security token would be uniquely generated server-side, stored in a database, and compared to the given parameter in the request.