public AntiForgeryData(AntiForgeryData token)
 {
     CreationDate = token.CreationDate;
     Salt = token.Salt;
     Username = token.Username;
     Value = token.Value;
 }
Beispiel #2
0
 public AntiForgeryData(AntiForgeryData token)
 {
     CreationDate = token.CreationDate;
     Salt         = token.Salt;
     Username     = token.Username;
     Value        = token.Value;
 }
Beispiel #3
0
        public static HtmlTag AntiForgeryToken(this IFubuPage page, string salt, string path, string domain)
        {
            var             antiForgeryService = page.Get <IAntiForgeryService>();
            AntiForgeryData cookieToken        = antiForgeryService.SetCookieToken(path, domain);
            FormToken       formToken          = antiForgeryService.GetFormToken(cookieToken, salt);

            return(new HiddenTag().Name(formToken.Name).Value(formToken.TokenString));
        }
        public virtual string Serialize(AntiForgeryData token)
        {
            using (var stream = new MemoryStream())
            using (var writer = new BinaryWriter(stream))
            {
                writer.Write(token.Salt);
                writer.Write(token.Value);
                writer.Write(token.CreationDate.Ticks);
                writer.Write(token.Username);

                return _encoder.Encode(stream.ToArray());
            }
        }
        public virtual string Serialize(AntiForgeryData token)
        {
            using (var stream = new MemoryStream())
                using (var writer = new BinaryWriter(stream))
                {
                    writer.Write(token.Salt);
                    writer.Write(token.Value);
                    writer.Write(token.CreationDate.Ticks);
                    writer.Write(token.Username);

                    return(_encoder.Encode(stream.ToArray()));
                }
        }
Beispiel #6
0
        public FormToken GetFormToken(AntiForgeryData token, string salt)
        {
            var formToken = new AntiForgeryData(token)
            {
                Salt     = salt,
                Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser)
            };
            string tokenString = _serializer.Serialize(formToken);

            return(new FormToken
            {
                Name = _tokenProvider.GetTokenName(),
                TokenString = tokenString
            });
        }
Beispiel #7
0
        public FormToken GetFormToken(AntiForgeryData token, string salt)
        {
            var formToken = new AntiForgeryData(token)
            {
                Salt = salt,
                Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser)
            };
            string tokenString = _serializer.Serialize(formToken);

            return new FormToken
            {
                Name = _tokenProvider.GetTokenName(),
                TokenString = tokenString
            };
        }
        public bool Validate(string salt)
        {
            var applicationPath = _fubuApplicationFiles.RootPath;
            var fieldName       = _tokenProvider.GetTokenName();
            var cookieName      = _tokenProvider.GetTokenName(applicationPath);

            var cookie = _cookies.Get(cookieName);

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return(false);
            }

            var cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));

            var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
                            ??
                            _requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;

            if (formValue.IsEmpty())
            {
                return(false);
            }

            var formToken = _serializer.Deserialize(formValue);

            if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                return(false);
            }

            var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);

            if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
            {
                return(false);
            }

            return(true);
        }
Beispiel #9
0
        public bool Validate(string salt)
        {
            var    cookies         = (HttpCookieCollection)_requestData.Value("Cookies");
            var    applicationPath = (string)_requestData.Value("ApplicationPath");
            var    form            = (NameValueCollection)_requestData.Value("Form");
            string fieldName       = _tokenProvider.GetTokenName();
            string cookieName      = _tokenProvider.GetTokenName(applicationPath);

            HttpCookie cookie = cookies[cookieName];

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return(false);
            }
            AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);

            string formValue = form[fieldName];

            if (string.IsNullOrEmpty(formValue))
            {
                return(false);
            }
            AntiForgeryData formToken = _serializer.Deserialize(formValue);

            if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                return(false);
            }

            string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);

            if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
            {
                return(false);
            }

            return(true);
        }
Beispiel #10
0
        public AntiForgeryData SetCookieToken(string path, string domain)
        {
            var             applicationPath = (string)_requestData.Value("ApplicationPath");
            AntiForgeryData token           = GetCookieToken();
            string          name            = _tokenProvider.GetTokenName(applicationPath);
            string          cookieValue     = _serializer.Serialize(token);

            var newCookie = new HttpCookie(name, cookieValue)
            {
                HttpOnly = true, Domain = domain
            };

            if (!string.IsNullOrEmpty(path))
            {
                newCookie.Path = path;
            }
            _outputWriter.AppendCookie(newCookie);

            return(token);
        }
Beispiel #11
0
        public AntiForgeryData SetCookieToken(string path, string domain)
        {
            var             applicationPath = _fubuApplicationFiles.RootPath;
            AntiForgeryData token           = GetCookieToken();
            string          name            = _tokenProvider.GetTokenName(applicationPath);
            string          cookieValue     = _serializer.Serialize(token);

            var newCookie = new Cookie(name, HttpUtility.UrlEncode(cookieValue))
            {
                HttpOnly = true, Domain = domain
            };

            if (!string.IsNullOrEmpty(path))
            {
                newCookie.Path = path;
            }
            _outputWriter.AppendCookie(newCookie);

            return(token);
        }
Beispiel #12
0
        public AntiForgeryData GetCookieToken()
        {
            var             applicationPath = _fubuApplicationFiles.RootPath;
            string          name            = _tokenProvider.GetTokenName(applicationPath);
            Cookie          cookie          = _cookies.Get(name);
            AntiForgeryData cookieToken     = null;

            if (cookie != null)
            {
                try
                {
                    cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
                }
                catch (FubuException)
                {
                    // TODO -- log this.  Need a generic tracing mechanism
                }
            }

            return(cookieToken ?? _tokenProvider.GenerateToken());
        }
Beispiel #13
0
        public AntiForgeryData GetCookieToken()
        {
            var             cookies         = (HttpCookieCollection)_requestData.Value("Cookies");
            var             applicationPath = (string)_requestData.Value("ApplicationPath");
            string          name            = _tokenProvider.GetTokenName(applicationPath);
            HttpCookie      cookie          = cookies[name];
            AntiForgeryData cookieToken     = null;

            if (cookie != null)
            {
                try
                {
                    cookieToken = _serializer.Deserialize(cookie.Value);
                }
                catch (FubuException)
                {
                    //TODO: Log this?
                }
            }

            return(cookieToken ?? _tokenProvider.GenerateToken());
        }