I recognize that this may not be an extremely frequent need, but when building some MVC sites, I have determined that I require my POST commands to include the ValidateAntiForgeryToken attribute.
I wrote my own test case, which identifies all methods with the HttpPost attribute, and verifies that they also have the VAFT attribute.
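using System;
using System.Linq;
using FluentAssertions;
using Microsoft.VisualStudio.TestTools.UnitTesting;

[TestMethod]
public void POST_Requires_ValidToken()
{
    // Arrange
    TestedController controller = new TestedController();
    // Act: collect POST actions that lack the anti-forgery token attribute
    var methods = controller.GetType().GetMethods()
        // IsAssignableFrom also matches derived return types such as ViewResult
        .Where(m => typeof(System.Web.Mvc.ActionResult).IsAssignableFrom(m.ReturnType))
        .Where(m => m.GetCustomAttributes(false).OfType<System.Web.Mvc.HttpPostAttribute>().Any())
        .Where(m => !m.GetCustomAttributes(false).OfType<System.Web.Mvc.ValidateAntiForgeryTokenAttribute>().Any())
        .ToList(); // materialize once; the result is used twice below
    // Assert
    methods.Should().BeEmpty("All Actions with HttpPost require ValidateAntiForgeryToken\r\nFailures: [{0}]", String.Join(", ", methods.Select(m => m.Name)));
}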
So far the only real inconvenience (and nothing more than that) is the error message.
I'm sure you can come up with a more integrated (fluent) approach, as well :).
Comments: Associated with changeset 69889.
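Added example, not part of the original post or of any library's code: the same reflection check generalized to every controller in an assembly, also covering Task<ActionResult> actions, [AcceptVerbs] listing POST, and a class-level [ValidateAntiForgeryToken]. The names AntiForgeryAudit, FindUnprotectedPostActions and SampleController are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
using System.Web.Mvc;

// Hypothetical helper for illustration; assumes a reference to System.Web.Mvc.
public static class AntiForgeryAudit
{
    // Returns "Controller.Action" for every POST action without the token check.
    public static List<string> FindUnprotectedPostActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t))
            // A class-level [ValidateAntiForgeryToken] covers every action in the class.
            .Where(t => !t.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .SelectMany(t => t.GetMethods(BindingFlags.Public | BindingFlags.Instance))
            .Where(m => ReturnsActionResult(m) && AcceptsPost(m))
            .Where(m => !m.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .Select(m => m.ReflectedType.Name + "." + m.Name)
            .ToList();
    }

    // Matches ActionResult, derived types (ViewResult, JsonResult) and Task<ActionResult>.
    private static bool ReturnsActionResult(MethodInfo m)
    {
        Type r = m.ReturnType;
        if (r.IsGenericType && r.GetGenericTypeDefinition() == typeof(Task<>))
            r = r.GetGenericArguments()[0];
        return typeof(ActionResult).IsAssignableFrom(r);
    }

    // True for [HttpPost] and for [AcceptVerbs] that lists POST.
    private static bool AcceptsPost(MethodInfo m)
    {
        return m.IsDefined(typeof(HttpPostAttribute), true)
            || m.GetCustomAttributes(typeof(AcceptVerbsAttribute), true)
                .Cast<AcceptVerbsAttribute>()
                .Any(a => a.Verbs.Contains("POST", StringComparer.OrdinalIgnoreCase));
    }
}

// Constructed sample controller: Save is reported, Delete is not.
public class SampleController : Controller
{
    [HttpPost] public ActionResult Save() { return new EmptyResult(); }
    [HttpPost, ValidateAntiForgeryToken] public Task<ActionResult> Delete() { return Task.FromResult<ActionResult>(new EmptyResult()); }
}
```

For the sample above, FindUnprotectedPostActions(typeof(SampleController).Assembly) returns the single entry "SampleController.Save". An action with no verb attribute also accepts POST in ASP.NET MVC and is not reported by this check.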