public AntiforgeryToken Deserialize(string serializedToken) { var serializationContext = _pool.Get(); Exception?innerException = null; try { var count = serializedToken.Length; var charsRequired = WebEncoders.GetArraySizeRequiredToDecode(count); var chars = serializationContext.GetChars(charsRequired); var tokenBytes = WebEncoders.Base64UrlDecode( serializedToken, offset: 0, buffer: chars, bufferOffset: 0, count: count); var unprotectedBytes = _cryptoSystem.Unprotect(tokenBytes); var stream = serializationContext.Stream; stream.Write(unprotectedBytes, offset: 0, count: unprotectedBytes.Length); stream.Position = 0L; var reader = serializationContext.Reader; var token = Deserialize(reader); if (token != null) { return(token); } } catch (Exception ex) { // swallow all exceptions - homogenize error if something went wrong innerException = ex; } finally { _pool.Return(serializationContext); } // if we reached this point, something went wrong deserializing throw new AntiforgeryValidationException(Resources.AntiforgeryToken_DeserializationFailed, innerException); }