public bool Validate(string salt)
{
var applicationPath = _fubuApplicationFiles.RootPath;
var fieldName = _tokenProvider.GetTokenName();
var cookieName = _tokenProvider.GetTokenName(applicationPath);
var cookie = _cookies.Get(cookieName);
if (cookie == null || string.IsNullOrEmpty(cookie.Value))
{
return(false);
}
var cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
??
_requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;
if (formValue.IsEmpty())
{
return(false);
}
var formToken = _serializer.Deserialize(formValue);
if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
{
return(false);
}
var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);
if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
{
return(false);
}
return(true);
}
public bool Validate(string salt)
{
var cookies = (HttpCookieCollection)_requestData.Value("Cookies");
var applicationPath = (string)_requestData.Value("ApplicationPath");
var form = (NameValueCollection)_requestData.Value("Form");
string fieldName = _tokenProvider.GetTokenName();
string cookieName = _tokenProvider.GetTokenName(applicationPath);
HttpCookie cookie = cookies[cookieName];
if (cookie == null || string.IsNullOrEmpty(cookie.Value))
{
return(false);
}
AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);
string formValue = form[fieldName];
if (string.IsNullOrEmpty(formValue))
{
return(false);
}
AntiForgeryData formToken = _serializer.Deserialize(formValue);
if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
{
return(false);
}
string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);
if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
{
return(false);
}
return(true);
}
public AntiForgeryData SetCookieToken(string path, string domain)
{
var applicationPath = (string)_requestData.Value("ApplicationPath");
AntiForgeryData token = GetCookieToken();
string name = _tokenProvider.GetTokenName(applicationPath);
string cookieValue = _serializer.Serialize(token);
var newCookie = new HttpCookie(name, cookieValue)
{
HttpOnly = true, Domain = domain
};
if (!string.IsNullOrEmpty(path))
{
newCookie.Path = path;
}
_outputWriter.AppendCookie(newCookie);
return(token);
}
public AntiForgeryData SetCookieToken(string path, string domain)
{
var applicationPath = _fubuApplicationFiles.RootPath;
AntiForgeryData token = GetCookieToken();
string name = _tokenProvider.GetTokenName(applicationPath);
string cookieValue = _serializer.Serialize(token);
var newCookie = new Cookie(name, HttpUtility.UrlEncode(cookieValue))
{
HttpOnly = true, Domain = domain
};
if (!string.IsNullOrEmpty(path))
{
newCookie.Path = path;
}
_outputWriter.AppendCookie(newCookie);
return(token);
}
