Beispiel #1
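        // Round-trips a form-field (non-cookie) antiforgery token that binds the
        // request to a user name, and checks that nothing is lost or altered.
        //
        // Field layout of the serialized token, in hex, as documented by the author.
        // It is reference material only: the test never compares bytes, so it proves
        // Serialize/Deserialize symmetry, not the wire format itself.
        //   01                                 Version
        //   705EEDCC7D42F1D6B3B98A593625BB4C   SecurityToken
        //   00                                 IsCookieToken
        //   00                                 IsClaimsBased
        //   08                                 Username length header
        //   4AC3A972C3B46D65                   Username ("Jérôme") as UTF-8
        //   05                                 AdditionalData length header
        //   E282AC3437                         AdditionalData ("€47") as UTF-8
        public void Serialize_FieldToken_WithUsername_TokenRoundTripSuccessful()
        {
            // Arrange
            var serializer = new DefaultAntiforgeryTokenSerializer(_dataProtector.Object, _pool);

            var original = new AntiforgeryToken
            {
                SecurityToken  = _securityToken,
                IsCookieToken  = false,
                // The listing showed a masked placeholder ("******") here, which is six
                // ASCII bytes and contradicts the documented 8-byte header above. The
                // documented value is restored so that the user name, the field that
                // ties the token to an identity, is exercised with multi-byte UTF-8.
                Username       = "Jérôme",
                AdditionalData = "€47"
            };

            // Act
            var serialized   = serializer.Serialize(original);
            var roundTripped = serializer.Deserialize(serialized);

            // Assert
            AssertTokensEqual(original, roundTripped);

            // Confirms the expectations registered on the data-protector mock were met.
            // NOTE(review): the mock setup is outside this listing; presumably it marks
            // the protect and unprotect calls as verifiable. Confirm.
            _dataProtector.Verify();
        }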
Beispiel #2
        // Round-trips a form-field (non-cookie) antiforgery token that identifies the
        // user through a claim UID instead of a user name.
        //
        // Field layout of the serialized token, in hex, as documented by the author.
        // The bytes are never asserted; the test only checks that Deserialize returns
        // a token equal to the one passed to Serialize.
        //   01                                 Version
        //   705EEDCC7D42F1D6B3B98A593625BB4C   SecurityToken
        //   00                                 IsCookieToken
        //   01                                 IsClaimsBased
        //   6F1648E97249AA58754036A67E248CF0
        //   44F07ECFB0ED387556CE029A4F9A40E0   ClaimUid (32 bytes, shown on two rows)
        //   05                                 AdditionalData length header
        //   E282AC3437                         AdditionalData ("€47") as UTF-8
        public void Serialize_FieldToken_WithClaimUid_TokenRoundTripSuccessful()
        {
            // Arrange
            var serializer = new DefaultAntiforgeryTokenSerializer(_dataProtector.Object, _pool);

            var original = new AntiforgeryToken
            {
                SecurityToken  = _securityToken,
                IsCookieToken  = false,
                ClaimUid       = _claimUid,
                AdditionalData = "€47"
            };

            // Act
            string serialized = serializer.Serialize(original);
            var roundTripped  = serializer.Deserialize(serialized);

            // Assert
            AssertTokensEqual(original, roundTripped);

            // Confirms the expectations registered on the data-protector mock were met.
            // NOTE(review): the mock setup is not visible in this listing. Confirm.
            _dataProtector.Verify();
        }
Beispiel #3
        // Checks that a malformed serialized token is rejected with
        // AntiforgeryValidationException and one fixed message. Because every input is
        // expected to give the same text, the error does not tell the caller which
        // part of the token failed to parse.
        // NOTE(review): the inputs for serializedToken come from a data source that is
        // not part of this listing (presumably a theory with inline data). Confirm.
        public void Deserialize_BadToken_Throws(string serializedToken)
        {
            // Arrange
            var serializer = new DefaultAntiforgeryTokenSerializer(_dataProtector.Object, _pool);

            // Act
            var thrown = Assert.Throws<AntiforgeryValidationException>(
                () => serializer.Deserialize(serializedToken));

            // Assert
            Assert.Equal(@"The antiforgery token could not be decrypted.", thrown.Message);
        }
Beispiel #4
        // Round-trips a cookie token, which carries only the security token and the
        // cookie flag, with no user name, claim UID or additional data.
        //
        // Field layout of the serialized token, in hex, as documented by the author.
        // The bytes are never asserted; only Serialize/Deserialize symmetry is checked.
        //   01                                 Version
        //   705EEDCC7D42F1D6B3B98A593625BB4C   SecurityToken
        //   01                                 IsCookieToken
        public void Serialize_CookieToken_TokenRoundTripSuccessful()
        {
            // Arrange
            var serializer = new DefaultAntiforgeryTokenSerializer(_dataProtector.Object, _pool);

            var original = new AntiforgeryToken
            {
                SecurityToken = _securityToken,
                IsCookieToken = true
            };

            // Act
            var serialized   = serializer.Serialize(original);
            var roundTripped = serializer.Deserialize(serialized);

            // Assert
            AssertTokensEqual(original, roundTripped);

            // Confirms the expectations registered on the data-protector mock were met.
            // NOTE(review): the mock setup is not visible in this listing. Confirm.
            _dataProtector.Verify();
        }