public virtual CustomAntiForgeryData Deserialize(string serializedToken) { if (string.IsNullOrEmpty(serializedToken)) { throw new ArgumentException(CustomAntiForgeryResources.Common_NullOrEmpty, "serializedToken"); } IStateFormatter formatter = this.Formatter; CustomAntiForgeryData result; try { object[] array = (object[])formatter.Deserialize(serializedToken); result = new CustomAntiForgeryData { Salt = (string)array[0], Value = (string)array[1], CreationDate = (DateTime)array[2], Username = (string)array[3] }; } catch (Exception innerException) { if (CustomAntiForgeryConfig.DebugMode) { CM.Web.AntiForgery.Custom.Logger.Exception(CustomAntiForgeryDataSerializer_.CreateValidationException(innerException)); result = null; } else { throw CustomAntiForgeryDataSerializer_.CreateValidationException(innerException); } } return(result); }
internal static string GetAntiForgeryTokenName(string appPath) { if (string.IsNullOrEmpty(appPath)) { return("__RequestVerificationToken"); } return("__RequestVerificationToken_" + CustomAntiForgeryData.Base64EncodeForCookieName(appPath)); }
public static CustomAntiForgeryData NewToken() { string value = CustomAntiForgeryData.GenerateRandomTokenString(); return(new CustomAntiForgeryData { Value = value }); }
public HtmlString GetHtml(HttpContextBase httpContext, string salt, string domain, string path) { string antiForgeryTokenAndSetCookie = this.GetCustomAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path); string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(null); TagBuilder tagBuilder = new TagBuilder("input"); tagBuilder.Attributes["type"] = "hidden"; tagBuilder.Attributes["name"] = antiForgeryTokenName; tagBuilder.Attributes["value"] = antiForgeryTokenAndSetCookie; return(new HtmlString(tagBuilder.ToString(TagRenderMode.SelfClosing))); }
public CustomAntiForgeryData(CustomAntiForgeryData token) { if (token == null) { throw new ArgumentNullException("token"); } this.CreationDate = token.CreationDate; this.Salt = token.Salt; this.Username = token.Username; this.Value = token.Value; }
public void Validate(HttpContextBase context, string salt) { string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(null); string antiForgeryTokenName2 = CustomAntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath); HttpCookie httpCookie = context.Request.Cookies[antiForgeryTokenName2]; if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value)) { //throw CustomAntiForgeryWorker.CreateValidationException(); ThrowValidationException(); return; } string text = context.Request.Form[antiForgeryTokenName]; if (string.IsNullOrEmpty(text)) { //throw CustomAntiForgeryWorker.CreateValidationException(); ThrowValidationException(); return; } CustomAntiForgeryData antiForgeryData = this.Serializer.Deserialize(httpCookie.Value); CustomAntiForgeryData antiForgeryData2 = this.Serializer.Deserialize(text); if (antiForgeryData == null || antiForgeryData2 == null) { ThrowValidationException(); return; } if (!string.Equals(antiForgeryData.Value, antiForgeryData2.Value, StringComparison.Ordinal)) { //throw CustomAntiForgeryWorker.CreateValidationException(); ThrowValidationException(); return; } string username = CustomAntiForgeryData.GetUsername(context.User); if (!string.Equals(antiForgeryData2.Username, username, StringComparison.OrdinalIgnoreCase)) { //throw CustomAntiForgeryWorker.CreateValidationException(); ThrowValidationException(); return; } if (!string.Equals(salt ?? string.Empty, antiForgeryData2.Salt, StringComparison.Ordinal)) { //throw CustomAntiForgeryWorker.CreateValidationException(); ThrowValidationException(); return; } }
public virtual string Serialize(CustomAntiForgeryData token) { if (token == null) { throw new ArgumentNullException("token"); } object[] state = new object[] { token.Salt, token.Value, token.CreationDate, token.Username }; return(this.Formatter.Serialize(state)); }
public virtual string Serialize(CustomAntiForgeryData token) { if (token == null) { throw new ArgumentNullException("token"); } string result; using (MemoryStream memoryStream = new MemoryStream()) { using (BinaryWriter binaryWriter = new BinaryWriter(memoryStream)) { binaryWriter.Write(token.Salt); binaryWriter.Write(token.Value); binaryWriter.Write(token.CreationDate.Ticks); binaryWriter.Write(token.Username); result = this.Encoder(memoryStream.ToArray()); } } return(result); }
private string GetCustomAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path) { string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath); CustomAntiForgeryData antiForgeryData = null; HttpCookie httpCookie = httpContext.Request.Cookies[antiForgeryTokenName]; if (httpCookie != null) { try { antiForgeryData = this.Serializer.Deserialize(httpCookie.Value); } catch (Exception ex) { CM.Web.AntiForgery.Custom.Logger.Exception(ex); } } if (antiForgeryData == null) { antiForgeryData = CustomAntiForgeryData.NewToken(); string value = this.Serializer.Serialize(antiForgeryData); HttpCookie httpCookie2 = new HttpCookie(antiForgeryTokenName, value) { HttpOnly = true, Domain = domain }; if (!string.IsNullOrEmpty(path)) { httpCookie2.Path = path; } httpContext.Response.Cookies.Set(httpCookie2); } CustomAntiForgeryData token = new CustomAntiForgeryData(antiForgeryData) { Salt = salt, Username = CustomAntiForgeryData.GetUsername(httpContext.User) }; return(this.Serializer.Serialize(token)); }
public virtual CustomAntiForgeryData Deserialize(string serializedToken) { if (string.IsNullOrEmpty(serializedToken)) { throw new ArgumentException(CustomAntiForgeryResources.Common_NullOrEmpty, "serializedToken"); } CustomAntiForgeryData result; try { using (MemoryStream memoryStream = new MemoryStream(this.Decoder(serializedToken))) { using (BinaryReader binaryReader = new BinaryReader(memoryStream)) { result = new CustomAntiForgeryData { Salt = binaryReader.ReadString(), Value = binaryReader.ReadString(), CreationDate = new DateTime(binaryReader.ReadInt64()), Username = binaryReader.ReadString() }; } } } catch (Exception innerException) { if (CustomAntiForgeryConfig.DebugMode) { CM.Web.AntiForgery.Custom.Logger.Exception(CustomAntiForgeryDataSerializer.CreateValidationException(innerException)); result = null; } else { throw CustomAntiForgeryDataSerializer.CreateValidationException(innerException); } } return(result); }