public static string GetFormToken(HttpContext httpContext)
{
string name = CsrfConfig.GetTokenFieldName();
string value = httpContext.Request.Headers[name] ?? httpContext.Request.Form[name] ?? httpContext.Request.QueryString[name];
if (String.IsNullOrEmpty(value))
{
// did not exist
return(null);
}
return(value);
}
public static string GetToken(HttpContext httpContext)
{
try
{
object session = httpContext.Session[CsrfConfig.GetTokenFieldName()];
if (session == null)
{
// did not exist
return(null);
}
return(session.ToString());
}
catch
{
// ignore failures since we'll just generate a new token
return(null);
}
}
public static void SaveToken(HttpContext httpContext, string token)
{
string name = CsrfConfig.GetTokenFieldName();
httpContext.Session[name] = token;
}