public HtmlString GetHtml(HttpContextBase httpContext, string salt, string domain, string path)
{
string antiForgeryTokenAndSetCookie = this.GetCustomAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path);
string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(null);
TagBuilder tagBuilder = new TagBuilder("input");
tagBuilder.Attributes["type"] = "hidden";
tagBuilder.Attributes["name"] = antiForgeryTokenName;
tagBuilder.Attributes["value"] = antiForgeryTokenAndSetCookie;
return(new HtmlString(tagBuilder.ToString(TagRenderMode.SelfClosing)));
}
public void Validate(HttpContextBase context, string salt)
{
string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(null);
string antiForgeryTokenName2 = CustomAntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
HttpCookie httpCookie = context.Request.Cookies[antiForgeryTokenName2];
if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
string text = context.Request.Form[antiForgeryTokenName];
if (string.IsNullOrEmpty(text))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
CustomAntiForgeryData antiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
CustomAntiForgeryData antiForgeryData2 = this.Serializer.Deserialize(text);
if (antiForgeryData == null || antiForgeryData2 == null)
{
ThrowValidationException();
return;
}
if (!string.Equals(antiForgeryData.Value, antiForgeryData2.Value, StringComparison.Ordinal))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
string username = CustomAntiForgeryData.GetUsername(context.User);
if (!string.Equals(antiForgeryData2.Username, username, StringComparison.OrdinalIgnoreCase))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
if (!string.Equals(salt ?? string.Empty, antiForgeryData2.Salt, StringComparison.Ordinal))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
}
private string GetCustomAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path)
{
string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
CustomAntiForgeryData antiForgeryData = null;
HttpCookie httpCookie = httpContext.Request.Cookies[antiForgeryTokenName];
if (httpCookie != null)
{
try
{
antiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
}
catch (Exception ex)
{
CM.Web.AntiForgery.Custom.Logger.Exception(ex);
}
}
if (antiForgeryData == null)
{
antiForgeryData = CustomAntiForgeryData.NewToken();
string value = this.Serializer.Serialize(antiForgeryData);
HttpCookie httpCookie2 = new HttpCookie(antiForgeryTokenName, value)
{
HttpOnly = true,
Domain = domain
};
if (!string.IsNullOrEmpty(path))
{
httpCookie2.Path = path;
}
httpContext.Response.Cookies.Set(httpCookie2);
}
CustomAntiForgeryData token = new CustomAntiForgeryData(antiForgeryData)
{
Salt = salt,
Username = CustomAntiForgeryData.GetUsername(httpContext.User)
};
return(this.Serializer.Serialize(token));
}