Example #1
        /// <summary>
        /// Returns the serialized anti-forgery form token for the current request,
        /// issuing the matching cookie first when the request did not carry one.
        /// </summary>
        /// <param name="helper">HTML helper whose view context supplies the request, response and user.</param>
        /// <param name="domain">Value assigned to the Domain attribute of a newly issued cookie.</param>
        /// <param name="path">Path for a newly issued cookie; left at the framework default when null or empty.</param>
        /// <returns>The serialized form token, derived from the cookie token plus the current username.</returns>
        private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string domain, string path)
        {
            var httpContext = helper.ViewContext.HttpContext;
            var tokenCookieName = CsrfData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
            var presented = httpContext.Request.Cookies[tokenCookieName];

            CsrfData cookieToken;
            if (presented == null)
            {
                // No cookie on the request: mint a fresh token and send it back.
                cookieToken = CsrfData.NewToken();

                var issued = new HttpCookie(tokenCookieName, Serializer.Serialize(cookieToken));
                issued.HttpOnly = true; // keeps page script from reading the cookie
                // A non-empty Domain attribute makes the browser send the cookie to
                // subdomains as well, so every host under it can read and replace it.
                issued.Domain = domain;
                // NOTE(review): Secure is never set here. Confirm it is enforced elsewhere
                // (for example <httpCookies requireSSL="true" />) when the site runs over TLS.
                if (!string.IsNullOrEmpty(path))
                {
                    issued.Path = path;
                }

                httpContext.Response.Cookies.Set(issued);
            }
            else
            {
                // The cookie value is client-controlled.
                // NOTE(review): a Deserialize failure is not handled here, so a stale or
                // tampered cookie presumably fails the page instead of being replaced.
                // Confirm how Serializer.Deserialize reports a bad payload.
                cookieToken = Serializer.Deserialize(presented.Value);
            }

            // The form token copies the cookie token and is then bound to the current user.
            var formToken = new CsrfData(cookieToken);
            formToken.Username = CsrfData.GetUsername(httpContext.User);

            return Serializer.Serialize(formToken);
        }
Example #2
		/// <summary>
		/// Produces the serialized form-side anti-forgery token. Reuses the token from the
		/// request cookie when present; otherwise creates one and sets the cookie on the response.
		/// </summary>
		/// <param name="helper">Helper giving access to the current HTTP context.</param>
		/// <param name="domain">Domain attribute for a newly created cookie.</param>
		/// <param name="path">Optional Path attribute for a newly created cookie.</param>
		/// <returns>Serialized form token carrying the current username.</returns>
		private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string domain, string path)
		{
			var context = helper.ViewContext.HttpContext;
			var name = CsrfData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
			var requestCookie = context.Request.Cookies[name];

			CsrfData cookieToken;
			if (requestCookie != null)
			{
				// Value comes from the client.
				// NOTE(review): no handling here for a payload that Deserialize rejects
				// or turns into null. Confirm Serializer's failure behaviour.
				cookieToken = Serializer.Deserialize(requestCookie.Value);
			}
			else
			{
				cookieToken = CsrfData.NewToken();
				var serializedCookieToken = Serializer.Serialize(cookieToken);

				// HttpOnly is set; Secure is not.
				// NOTE(review): verify that the Secure flag is applied by configuration
				// on HTTPS deployments.
				var responseCookie = new HttpCookie(name, serializedCookieToken);
				responseCookie.HttpOnly = true;
				responseCookie.Domain = domain;

				var hasPath = !string.IsNullOrEmpty(path);
				if (hasPath)
				{
					responseCookie.Path = path;
				}

				context.Response.Cookies.Set(responseCookie);
			}

			// Copy the cookie token, then stamp it with the requesting user's name.
			var currentUser = CsrfData.GetUsername(context.User);
			var formToken = new CsrfData(cookieToken) { Username = currentUser };

			return Serializer.Serialize(formToken);
		}
Example #3
        /// <summary>
        /// Renders a <c>meta</c> start tag whose <c>content</c> is the anti-forgery form token,
        /// setting the companion cookie on the response when the request had none.
        /// </summary>
        /// <param name="helper">HTML helper for the view being rendered.</param>
        /// <param name="domain">Domain passed through for a newly issued token cookie.</param>
        /// <param name="path">Path passed through for a newly issued token cookie.</param>
        /// <returns>The rendered <c>meta</c> start tag.</returns>
        public static MvcHtmlString CsrfToken(this HtmlHelper helper, string domain, string path)
        {
            // Token first: this call may add the cookie to the response.
            var tokenValue = GetAntiForgeryTokenAndSetCookie(helper, domain, path);
            // The meta name is derived with a null application path, unlike the cookie name.
            var metaName = CsrfData.GetAntiForgeryTokenName(null);

            // TagBuilder HTML-attribute-encodes the values when the tag is rendered.
            // NOTE(review): the token is embedded in the page markup, so responses
            // using this helper should not be served from a shared cache.
            var meta = new TagBuilder("meta");
            meta.Attributes["name"] = metaName;
            meta.Attributes["content"] = tokenValue;

            var markup = meta.ToString(TagRenderMode.StartTag);
            return MvcHtmlString.Create(markup);
        }
Example #4
		/// <summary>
		/// Copy constructor: creates a token with the same creation date, salt,
		/// username and value as <paramref name="token"/>.
		/// </summary>
		/// <param name="token">Token to copy from.</param>
		/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
		public CsrfData(CsrfData token)
		{
			if (token != null)
			{
				// Username is copied too; callers that bind the token to a user overwrite it afterwards.
				CreationDate = token.CreationDate;
				Salt = token.Salt;
				Username = token.Username;
				Value = token.Value;
				return;
			}

			throw new ArgumentNullException("token");
		}
Example #5
        /// <summary>
        /// Initializes a new token as a field-by-field copy of an existing one.
        /// </summary>
        /// <param name="token">Source token; must not be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
        public CsrfData(CsrfData token)
        {
            var sourceMissing = token == null;
            if (sourceMissing)
            {
                throw new ArgumentNullException("token");
            }

            // All four fields are copied, including the secret Value and the Username.
            this.CreationDate = token.CreationDate;
            this.Salt = token.Salt;
            this.Username = token.Username;
            this.Value = token.Value;
        }
		/// <summary>
		/// Serializes a token by handing its salt, value, creation date and username,
		/// in that order, to <c>Formatter</c>.
		/// </summary>
		/// <param name="token">Token to serialize.</param>
		/// <returns>The string produced by <c>Formatter.Serialize</c>.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
		public virtual string Serialize(CsrfData token)
		{
			if (token != null)
			{
				// Field order is part of the wire format; the matching deserializer
				// presumably reads the fields back by position.
				// NOTE(review): the output travels through the client. Confirm that
				// Formatter integrity-protects the payload.
				object[] fields = { token.Salt, token.Value, token.CreationDate, token.Username };
				return Formatter.Serialize(fields);
			}

			throw new ArgumentNullException("token");
		}
Example #7
        /// <summary>
        /// Converts a token to its string form by packing salt, value, creation date
        /// and username into an array and passing it to <c>Formatter</c>.
        /// </summary>
        /// <param name="token">Token to convert; must not be null.</param>
        /// <returns>Serialized representation of the token.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
        public virtual string Serialize(CsrfData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // NOTE(review): this string ends up in a cookie and in page markup.
            // Verify that Formatter signs (and ideally encrypts) what it emits.
            var packed = new object[4];
            packed[0] = token.Salt;
            packed[1] = token.Value;
            packed[2] = token.CreationDate;
            packed[3] = token.Username;

            return Formatter.Serialize(packed);
        }
		/// <summary>
		/// Checks that the salt on the submitted form token equals this instance's
		/// <c>Salt</c>, using an ordinal (case-sensitive, culture-independent) comparison.
		/// </summary>
		/// <param name="token">Form token to check; dereferenced without a null check.</param>
		/// <returns><c>true</c> when the two salts are equal.</returns>
		private bool ValidateFormToken(CsrfData token)
		{
			// Only the salt is compared here.
			// NOTE(review): Value, Username and CreationDate are presumably validated
			// by the caller. Confirm, since this check alone does not prove the token is genuine.
			bool saltsMatch = String.Equals(Salt, token.Salt, StringComparison.Ordinal);
			return saltsMatch;
		}