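        /// <summary>
        /// Validates the anti-forgery token of the current request. The form token must carry the
        /// same Value as the cookie token, and its Username and Salt must match the current user
        /// and the caller-supplied <paramref name="salt"/>.
        /// </summary>
        /// <param name="context">HTTP context whose request cookies, form and user are checked.</param>
        /// <param name="salt">Salt the form token was issued with; <c>null</c> is compared as the empty string.</param>
        /// <remarks>
        /// Every failure path throws the exception created by <c>AntiForgeryWorker.CreateValidationException()</c>.
        /// That now includes a cookie or form value the serializer cannot turn into a token: if
        /// <c>Deserialize</c> signals an unreadable value by returning <c>null</c> (as the byte[]
        /// <c>Deserializer</c> does), the value previously reached the comparison below and surfaced as a
        /// <see cref="NullReferenceException"/> (a server error) instead of a validation failure.
        /// </remarks>
        public void Validate(HttpContext context, string salt)
        {
            string     formTokenName   = AntiForgeryData.GetAntiForgeryTokenName(null);
            string     cookieTokenName = AntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
            HttpCookie httpCookie      = context.Request.Cookies[cookieTokenName];

            if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value))
            {
                throw AntiForgeryWorker.CreateValidationException();
            }
            // Token the client sent back in the cookie.
            AntiForgeryData cookieAntiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
            if (cookieAntiForgeryData == null)
            {
                // Undeserializable cookie: treat as a validation failure, not a server error.
                throw AntiForgeryWorker.CreateValidationException();
            }
            string text = context.Request.Form[formTokenName];

            if (string.IsNullOrEmpty(text))
            {
                throw AntiForgeryWorker.CreateValidationException();
            }
            // Token carried in the hidden form field.
            AntiForgeryData formAntiForgeryData = this.Serializer.Deserialize(text);
            if (formAntiForgeryData == null)
            {
                throw AntiForgeryWorker.CreateValidationException();
            }
            // The form token must be derived from the cookie token, i.e. share its random Value.
            if (!string.Equals(cookieAntiForgeryData.Value, formAntiForgeryData.Value, StringComparison.Ordinal))
            {
                throw AntiForgeryWorker.CreateValidationException();
            }
            // Name of the user making this request; the form token must have been issued to the same user
            // (compared case-insensitively).
            string username = AntiForgeryData.GetUsername(context.User);

            if (!string.Equals(formAntiForgeryData.Username, username, StringComparison.OrdinalIgnoreCase))
            {
                throw AntiForgeryWorker.CreateValidationException();
            }
            // Salt must match exactly (ordinal); a null caller salt is compared as "".
            if (!string.Equals(salt ?? string.Empty, formAntiForgeryData.Salt, StringComparison.Ordinal))
            {
                throw AntiForgeryWorker.CreateValidationException();
            }
        }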
 /// <summary>
 /// Creates a fresh anti-forgery token whose <c>Value</c> is a newly generated random string.
 /// No other member is set here.
 /// </summary>
 /// <returns>A new <see cref="AntiForgeryData"/> carrying only a random <c>Value</c>.</returns>
 public static AntiForgeryData NewToken()
 {
     // Construct first, then assign, matching object-initializer evaluation order.
     AntiForgeryData token = new AntiForgeryData();
     token.Value = AntiForgeryData.GenerateRandomTokenString();
     return token;
 }
        /// <summary>
        /// Deserializes an anti-forgery token from its binary layout: a format-version byte
        /// (which must be 1), then salt, value, creation ticks and username.
        /// </summary>
        /// <param name="serializedTicket">The raw token bytes.</param>
        /// <returns>
        /// The token, or <c>null</c> when the version byte is not 1 or the bytes cannot be read
        /// (including a <c>null</c> or truncated buffer).
        /// </returns>
        /// <remarks>
        /// The bytes carry no integrity protection of their own; any signing/encryption has to
        /// happen before they reach this method.
        /// </remarks>
        internal static AntiForgeryData Deserializer(byte[] serializedTicket)
        {
            const byte supportedVersion = 1;

            try
            {
                using (MemoryStream stream = new MemoryStream(serializedTicket))
                using (SerializingBinaryReader reader = new SerializingBinaryReader(stream))
                {
                    if (reader.ReadByte() != supportedVersion)
                    {
                        // Unknown layout: refuse rather than guess at the field order.
                        return null;
                    }

                    AntiForgeryData token = new AntiForgeryData();
                    token.Salt         = reader.ReadBinaryString();
                    token.Value        = reader.ReadBinaryString();
                    token.CreationDate = new DateTime(reader.ReadInt64());
                    token.Username     = reader.ReadBinaryString();
                    return token;
                }
            }
            catch
            {
                // Any read failure is reported as "no token".
                return null;
            }
        }
 /// <summary>
 /// Returns the name used for the anti-forgery form field / cookie. Without an application path
 /// the bare name is returned; with one, a cookie-name-safe Base64 encoding of the path is appended
 /// (presumably so applications under different virtual paths on one host keep separate cookies).
 /// </summary>
 /// <param name="appPath">The application's virtual path, or <c>null</c>/empty for the bare name.</param>
 /// <returns>The token name.</returns>
 internal static string GetAntiForgeryTokenName(string appPath)
 {
     const string baseName = "__RequestVerificationToken";
     bool hasAppPath = !string.IsNullOrEmpty(appPath);

     return hasAppPath
         ? baseName + "_" + AntiForgeryData.Base64EncodeForCookieName(appPath)
         : baseName;
 }
 /// <summary>
 /// Serializes a token to a string by converting it to a forms-authentication ticket and
 /// encrypting that with <see cref="FormsAuthentication.Encrypt"/>. Integrity and confidentiality
 /// of the result therefore rest on the application's forms-authentication/machineKey configuration.
 /// </summary>
 /// <param name="token">The token to serialize.</param>
 /// <returns>The encrypted ticket string.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
 public virtual string Serialize(AntiForgeryData token)
 {
     if (token != null)
     {
         var ticket = token.ConvertToFormsTicket();
         return FormsAuthentication.Encrypt(ticket);
     }
     throw new ArgumentNullException("token");
 }
 /// <summary>
 /// Copy constructor: creates a token with the same CreationDate, Salt, Username and Value
 /// as <paramref name="token"/>.
 /// </summary>
 /// <param name="token">The token to copy.</param>
 /// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
 public AntiForgeryData(AntiForgeryData token)
 {
     if (token == null)
     {
         throw new ArgumentNullException("token");
     }

     // Member-wise copy, in the same order the original assigns them.
     CreationDate = token.CreationDate;
     Salt         = token.Salt;
     Username     = token.Username;
     Value        = token.Value;
 }
        /// <summary>
        /// Renders the hidden <c>&lt;input&gt;</c> that carries the anti-forgery form token, issuing
        /// (or reusing) the matching cookie token as a side effect.
        /// </summary>
        /// <param name="httpContext">Context whose request cookie is read and whose response cookie may be set.</param>
        /// <param name="salt">Salt to bind into the form token.</param>
        /// <param name="domain">Domain for the cookie, if one is newly issued.</param>
        /// <param name="path">Path for the cookie, if one is newly issued; ignored when empty.</param>
        /// <returns>The self-closing hidden input element as HTML.</returns>
        public String GetHtml(HttpContext httpContext, string salt, string domain, string path)
        {
            // Cookie token first (may set a response cookie), then the field name.
            string fieldValue = this.GetAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path);
            string fieldName  = AntiForgeryData.GetAntiForgeryTokenName(null);

            TagBuilder hidden = new TagBuilder("input");
            hidden.MergeAttribute("type", "hidden");
            hidden.MergeAttribute("name", fieldName);
            hidden.MergeAttribute("value", fieldValue);

            return hidden.ToString(TagRenderMode.SelfClosing);
        }
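 /// <summary>
 /// Serializes an anti-forgery token to bytes: salt, value, creation ticks and username, in that
 /// order, strings via <c>WriteBinaryString</c>.
 /// </summary>
 /// <param name="token">The token to serialize.</param>
 /// <returns>The serialized bytes.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
 /// <remarks>
 /// The output carries no integrity protection of its own; it must be signed/encrypted before it
 /// is handed to a client. NOTE(review): <c>Deserializer</c> expects a leading format-version byte
 /// (1) that this method does not write — confirm the two are actually paired.
 /// </remarks>
 internal static byte[] Serializer(AntiForgeryData token)
 {
     // Fail with the same argument exception the other entry points use, instead of a
     // NullReferenceException on the first property read.
     if (token == null)
     {
         throw new ArgumentNullException("token");
     }

     byte[] result;
     using (MemoryStream memoryStream = new MemoryStream())
     {
         using (SerializingBinaryWriter serializingBinaryWriter = new SerializingBinaryWriter(memoryStream))
         {
             serializingBinaryWriter.WriteBinaryString(token.Salt);
             serializingBinaryWriter.WriteBinaryString(token.Value);
             serializingBinaryWriter.Write(token.CreationDate.Ticks);
             serializingBinaryWriter.WriteBinaryString(token.Username);
             result = memoryStream.ToArray();
         }
     }
     return(result);
 }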
        /// <summary>
        /// Reads the anti-forgery cookie token (issuing a new cookie when it is missing or unreadable)
        /// and returns the serialized form token derived from it, bound to <paramref name="salt"/>
        /// and the current user.
        /// </summary>
        /// <param name="httpContext">Context whose request cookie is read and whose response cookie may be set.</param>
        /// <param name="salt">Salt to bind into the form token.</param>
        /// <param name="domain">Domain for a newly issued cookie.</param>
        /// <param name="path">Path for a newly issued cookie; ignored when empty.</param>
        /// <returns>The serialized form token.</returns>
        /// <remarks>
        /// A newly issued cookie is HttpOnly but not marked Secure; whether it should be (e.g. when the
        /// request arrived over HTTPS) depends on whether the site is served over HTTPS only — confirm.
        /// </remarks>
        private string GetAntiForgeryTokenAndSetCookie(HttpContext httpContext, string salt, string domain, string path)
        {
            string          cookieName     = AntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
            AntiForgeryData cookieToken    = null;
            HttpCookie      existingCookie = httpContext.Request.Cookies[cookieName];

            if (existingCookie != null)
            {
                try
                {
                    cookieToken = this.Serializer.Deserialize(existingCookie.Value);
                }
                catch
                {
                    // Best effort: an unreadable cookie is simply replaced below.
                }
            }

            if (cookieToken == null)
            {
                cookieToken = AntiForgeryData.NewToken();
                HttpCookie newCookie = new HttpCookie(cookieName, this.Serializer.Serialize(cookieToken));
                newCookie.HttpOnly = true;
                newCookie.Domain   = domain;
                if (!string.IsNullOrEmpty(path))
                {
                    newCookie.Path = path;
                }
                httpContext.Response.Cookies.Set(newCookie);
            }

            // The form token is a copy of the cookie token with the page salt and user bound in.
            AntiForgeryData formToken = new AntiForgeryData(cookieToken);
            formToken.Salt     = salt;
            formToken.Username = AntiForgeryData.GetUsername(httpContext.User);

            return this.Serializer.Serialize(formToken);
        }