Beispiel #1
0
        public static string GetFormToken(HttpContext httpContext)
        {
            string name  = CsrfConfig.GetTokenFieldName();
            string value = httpContext.Request.Headers[name] ?? httpContext.Request.Form[name] ?? httpContext.Request.QueryString[name];

            if (String.IsNullOrEmpty(value))
            {
                // did not exist
                return(null);
            }

            return(value);
        }
Beispiel #2
0
        public static string GetToken(HttpContext httpContext)
        {
            try
            {
                object session = httpContext.Session[CsrfConfig.GetTokenFieldName()];
                if (session == null)
                {
                    // did not exist
                    return(null);
                }

                return(session.ToString());
            }
            catch
            {
                // ignore failures since we'll just generate a new token
                return(null);
            }
        }
Beispiel #3
0
        public static void SaveToken(HttpContext httpContext, string token)
        {
            string name = CsrfConfig.GetTokenFieldName();

            httpContext.Session[name] = token;
        }