    // <snippet2>
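    /// <summary>
    /// Restores the control property collection from its serialized string form.
    /// </summary>
    /// <param name="serializedProperties">ObjectStateFormatter-encoded property collection.</param>
    /// <returns>
    /// The deserialized <see cref="ArrayList"/>, or <c>null</c> when a view-state error was
    /// handled by redirecting the (still connected) client to ErrorPage.aspx.
    /// </returns>
    /// <exception cref="HttpException">
    /// Rethrown when the failure is not a <see cref="ViewStateException"/> or the client is no longer connected.
    /// </exception>
    private ICollection LoadControlProperties(string serializedProperties)
    {
        ICollection controlProperties = null;

        // The parameterless ObjectStateFormatter performs no MAC validation, so whatever
        // produced serializedProperties is trusted implicitly; if it round-trips through
        // the client it must be integrity-protected before reaching this point.
        ObjectStateFormatter formatter = new ObjectStateFormatter();

        try
        {
            controlProperties = (ArrayList)formatter.Deserialize(serializedProperties);
        }
        catch (HttpException e)
        {
            // The formatter reports view-state problems as an HttpException wrapping a
            // ViewStateException. Anything else (or a missing inner exception) used to
            // fail with a NullReference/InvalidCast inside this handler; rethrow it instead.
            ViewStateException vse = e.InnerException as ViewStateException;
            if (vse == null)
            {
                throw;
            }

            string logMessage;

            logMessage  = "ViewStateException. Path: " + vse.Path + Environment.NewLine;
            logMessage += "PersistedState: " + vse.PersistedState + Environment.NewLine;
            logMessage += "Referer: " + vse.Referer + Environment.NewLine;
            logMessage += "UserAgent: " + vse.UserAgent + Environment.NewLine;

            LogEvent(logMessage);

            if (vse.IsConnected)
            {
                HttpContext.Current.Response.Redirect("ErrorPage.aspx");
            }
            else
            {
                // `throw;` keeps the original stack trace; `throw e;` would reset it.
                throw;
            }
        }
        return controlProperties;
    }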
        /// <summary>
        /// Rebuilds a <see cref="SessionStateItem"/> from the ObjectStateFormatter graph in <paramref name="ms"/>.
        /// </summary>
        /// <param name="ms">Stream positioned at the serialized item.</param>
        /// <returns>
        /// The item, or <c>null</c> when the payload is not a <see cref="Pair"/> or its leading
        /// marker byte is not 1.
        /// </returns>
        private static SessionStateItem LoadItem(MemoryStream ms)
        {
            // NOTE(review): the parameterless ObjectStateFormatter does not validate a MAC,
            // so the store this stream is read from has to be trusted.
            var formatter = new ObjectStateFormatter();
            var root = formatter.Deserialize(ms) as Pair;

            // Expected layout (from the casts below):
            //   Pair(marker byte == 1, Triplet(flag byte, timeout int, Pair(lockId ulong, lockTime binary long)))
            if (root == null || ((byte)root.First) != 1)
            {
                return null;
            }

            var body = (Triplet)root.Second;
            var item = new SessionStateItem
            {
                Flag    = (SessionStateActions)((byte)body.First),
                Timeout = (int)body.Second,
            };

            var lockInfo = (Pair)body.Third;
            item.LockId   = (ulong)lockInfo.First;
            item.LockTime = DateTime.FromBinary((long)lockInfo.Second);

            return item;
        }
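 /// <summary>
 /// Decodes an ObjectStateFormatter payload into a map of control ID to <see cref="PersonalizationInfo"/>.
 /// </summary>
 /// <param name="data">Serialized payload; may be <c>null</c> or empty.</param>
 /// <returns>
 /// The decoded entries (empty when the payload version is not 2), or <c>null</c> when
 /// <paramref name="data"/> is null/empty or the payload cannot be decoded.
 /// </returns>
 public static Dictionary <string, PersonalizationInfo> Decode(byte[] data)
 {
     if (data == null || data.Length == 0)
     {
         return(null);
     }
     try
     {
         Dictionary <string, PersonalizationInfo> result = new Dictionary <string, PersonalizationInfo>();
         Queue <object>       dataQueue;
         // The parameterless ObjectStateFormatter performs no MAC validation: the payload
         // must come from a trusted store, not straight from a request.
         ObjectStateFormatter formatter = new ObjectStateFormatter();
         using (MemoryStream stream = new MemoryStream(data))
         {
             object[] dataArray = (object[])formatter.Deserialize(stream);
             dataQueue = new Queue <object>(dataArray);
         }
         // Layout: [version, partCount, part data...]; only version 2 is understood.
         int version = (int)dataQueue.Dequeue();
         if (version == 2)
         {
             int numberOfParts = (int)dataQueue.Dequeue();
             for (int partCounter = 0; partCounter < numberOfParts; partCounter++)
             {
                 PersonalizationInfo info = PersonalizationInfo.FromObjectQueue(dataQueue);
                 // Add (not the indexer): a duplicate ControlID is treated as a corrupt payload.
                 result.Add(info.ControlID, info);
             }
         }
         return(result);
     }
     catch (Exception)
     {
         // Deliberate best-effort: a malformed, truncated or foreign payload yields null
         // instead of propagating. Add logging here if callers must tell "absent" from "corrupt".
     }
     return(null);
 }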
        /// <summary>
        /// Unprotects the anti-forgery cookie value and rebuilds the token from the
        /// ObjectStateFormatter triplet it contains.
        /// </summary>
        /// <param name="value">The raw cookie value.</param>
        /// <param name="salt">Caller-supplied salt forwarded to <see cref="Decrypt"/>.</param>
        /// <returns>The populated <see cref="AntiForgeryData"/>.</returns>
        /// <exception cref="HttpAntiForgeryException">
        /// On any failure; the original exception is not attached as InnerException.
        /// </exception>
        private static AntiForgeryData DecryptCookie(string value, string salt)
        {
            AntiForgeryData token = new AntiForgeryData();

            try
            {
                ObjectStateFormatter formatter = new ObjectStateFormatter();
                Triplet triplet;

                // NOTE(review): Unprotect receives the UTF-8 bytes of the cookie string, while
                // the matching Protect call in Decrypt emits a ToHexString()-encoded value.
                // Unless the cookie is written in some other encoding, a hex/base64 decode
                // looks intended here — confirm against where the cookie is set.
                byte[] decode = MachineKey.Unprotect(Encoding.UTF8.GetBytes(value), "Authentication token");
//                var decode = MachineKey.Decode(value, MachineKeyProtection.All);
                if (decode == null)
                {
                    throw new ArgumentException("Unable to decrypt.");
                }

                // MachineKey.Unprotect authenticates the bytes before returning them, so the
                // formatter below only ever sees data that passed that check.
                using (MemoryStream stream = new MemoryStream(decode))
                {
                    triplet = (Triplet)formatter.Deserialize(stream);
                }

                return(Decrypt(value, formatter, triplet, salt, token));
            }
            catch (Exception)
            {
                // Every failure (unprotect, deserialize, cast) is collapsed into one
                // exception type, so the cause is not distinguishable by callers or clients.
                throw new HttpAntiForgeryException();
            }
        }
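        /// <summary>
        /// Base64-decodes <paramref name="str"/> and deserializes it with <see cref="ObjectStateFormatter"/>.
        /// </summary>
        /// <param name="str">Base64-encoded ObjectStateFormatter payload.</param>
        /// <returns>The deserialized object graph.</returns>
        /// <exception cref="FormatException">When <paramref name="str"/> is not valid base64.</exception>
        public static object ObjectStateFormatter_deserialize(string str)
        {
            byte[] byteArray = Convert.FromBase64String(str);

            // The parameterless formatter performs no MAC validation: deserializing
            // unauthenticated input here is an insecure-deserialization sink. Only call
            // this on payloads produced by ObjectStateFormatter_serialize and kept server-side.
            // `using` disposes the stream even when Deserialize throws.
            using (MemoryStream ms = new MemoryStream(byteArray))
            {
                ObjectStateFormatter sf = new ObjectStateFormatter();
                return sf.Deserialize(ms);
            }
        }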
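        /// <summary>
        /// Serializes <paramref name="myobj"/> with <see cref="ObjectStateFormatter"/> and returns the bytes as base64.
        /// </summary>
        /// <param name="myobj">Object graph to serialize.</param>
        /// <returns>Base64 text of the serialized bytes.</returns>
        public static string ObjectStateFormatter_serialize(object myobj)
        {
            ObjectStateFormatter sf = new ObjectStateFormatter();

            // `using` disposes the stream even when Serialize throws.
            using (MemoryStream ms = new MemoryStream())
            {
                sf.Serialize(ms, myobj);
                return Convert.ToBase64String(ms.ToArray());
            }
        }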
        /// <summary>
        /// Debug helper: deserializes <paramref name="eventValidation"/>, prints the result's
        /// ToString() to the console and returns a new empty list (the graph itself is not returned).
        /// </summary>
        /// <param name="eventValidation">ObjectStateFormatter-encoded __EVENTVALIDATION value.</param>
        /// <returns>An empty <see cref="ArrayList"/>.</returns>
        public static ArrayList DeSerializeStringToArray2(string eventValidation)
        {
            // No MAC validation happens in the parameterless formatter; this is inspection-only code.
            object graph = new ObjectStateFormatter().Deserialize(eventValidation);
            string description = graph.ToString();

            Console.WriteLine(description);
            return new ArrayList();
        }
        /// <summary>
        /// Serializes the view state with <see cref="ObjectStateFormatter"/> and reports an MD5
        /// digest of the serialized text through <paramref name="hash"/>.
        /// </summary>
        /// <param name="viewState">Object graph to serialize.</param>
        /// <param name="hash">MD5 digest (via MD5HashHelper) of the serialized string; a null result is hashed as the empty string.</param>
        /// <returns>The serialized view state string.</returns>
        protected virtual string SerializeViewState(object viewState, out string hash)
        {
            string serialized = new ObjectStateFormatter().Serialize(viewState);

            // The digest takes only the text, so it is a fingerprint rather than a tamper
            // check: anyone able to change the state can recompute it.
            string hashInput = serialized ?? string.Empty;
            hash = MD5HashHelper.HashUsingDefaultEncoding(hashInput);

            return serialized;
        }
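 /// <summary>
 /// Handles a hidden-field write; for the __EVENTVALIDATION field the value is run
 /// through <see cref="ObjectStateFormatter"/> and the result discarded.
 /// </summary>
 /// <param name="key">Hidden-field name.</param>
 /// <param name="value">Hidden-field value.</param>
 private void WriteEventValidation(string key, string value)
 {
     // Field names are protocol tokens: compare ordinally.
     if (!string.Equals(key, "__EVENTVALIDATION", StringComparison.Ordinal))
     {
         return;
     }

     // NOTE(review): the deserialized graph is never used (the unused local was dropped),
     // so this only acts as a format check via the exception Deserialize may throw —
     // confirm that is intended. The parameterless formatter performs no MAC validation,
     // so `value` must not be taken straight from the request.
     var formatter = new ObjectStateFormatter();
     formatter.Deserialize(value);
 }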
        /// <summary>
        /// Serializes this instance with <see cref="ObjectStateFormatter"/>. When built for
        /// NETCOREAPP3_0 the formatter branch is compiled out and <c>null</c> is returned.
        /// </summary>
        /// <returns>The serialized state string, or <c>null</c> under NETCOREAPP3_0.</returns>
        public string GetState()
        {
#if NETCOREAPP3_0
            return null;
#else
            ObjectStateFormatter formatter = new ObjectStateFormatter();
            return formatter.Serialize(this);
#endif
        }
        /// <summary>
        /// Computes an MD5 digest of the incoming view-state text and deserializes it with
        /// <see cref="ObjectStateFormatter"/>.
        /// </summary>
        /// <param name="viewState">Serialized view state; <c>null</c> is hashed as the empty string.</param>
        /// <param name="hash">MD5 digest (via MD5HashHelper) of <paramref name="viewState"/>.</param>
        /// <returns>The deserialized object graph.</returns>
        protected virtual object DeserializeViewState(string viewState, out string hash)
        {
            // The digest is computed from the text alone, so it does not authenticate it.
            hash = MD5HashHelper.HashUsingDefaultEncoding(viewState ?? string.Empty);

            // NOTE(review): the parameterless formatter does no MAC validation; if viewState
            // comes from the client it must be integrity-protected before this call.
            ObjectStateFormatter formatter = new ObjectStateFormatter();
            object graph = formatter.Deserialize(viewState);
            return graph;
        }
        /// <summary>
        /// Serializes a viewstate object, stores the result under a generated id (on disk
        /// in <c>Dir</c> and in <c>Cache</c>) and returns that id.
        /// </summary>
        /// <param name="obj">Object graph to serialize.</param>
        /// <returns>The generated state id.</returns>
        private string SerializeObj(object obj)
        {
            ObjectStateFormatter formatter = new ObjectStateFormatter();
            string value = formatter.Serialize(obj);

            // Generate a distinct id number: current ticks plus the payload's hash code.
            long idNumber = DateTime.Now.Ticks + (long)value.GetHashCode();
            string stateID = idNumber.ToString();

            string filePath = Path.Combine(Dir.FullName, stateID);
            File.WriteAllText(filePath, value);
            Cache.Insert(stateID, value);

            return stateID;
        }
        /// <summary>
        /// Serializes <paramref name="obj"/> with <see cref="ObjectStateFormatter"/> and returns the bytes as base64.
        /// </summary>
        /// <param name="obj">Value to serialize.</param>
        /// <returns>Base64 text of the serialized bytes.</returns>
        public string Serialize(T obj)
        {
            ObjectStateFormatter formatter = new ObjectStateFormatter();
            byte[] payload;

            using (MemoryStream buffer = new MemoryStream())
            {
                formatter.Serialize(buffer, obj);
                payload = buffer.ToArray();
            }

            return Convert.ToBase64String(payload);
        }
        //Security Warning: The following code is intentionally vulnerable to a serialization vulnerability
        /// <summary>
        /// Base64-decodes <paramref name="data"/> and deserializes it with <see cref="ObjectStateFormatter"/>.
        /// </summary>
        /// <param name="data">Base64-encoded ObjectStateFormatter payload.</param>
        /// <returns>The deserialized value cast to <typeparamref name="T"/>.</returns>
        public T Deserialize(string data)
        {
            // The parameterless formatter performs no MAC validation, so the graph is
            // built before the cast to T is ever checked — the deserialization itself is
            // the sink, not the cast.
            byte[] payload = Convert.FromBase64String(data);
            ObjectStateFormatter formatter = new ObjectStateFormatter();

            using (MemoryStream buffer = new MemoryStream(payload))
            {
                object graph = formatter.Deserialize(buffer);
                return (T)graph;
            }
        }
        /// <summary>
        /// Persists the page state server-side: the serialized state is written to
        /// /storage/files/states/&lt;id&gt; and cached under the same id, and only the id
        /// is handed to the base persister.
        /// </summary>
        /// <param name="state">The page state to persist.</param>
        protected override void SavePageStateToPersistenceMedium(object state)
        {
            string serialized = new ObjectStateFormatter().Serialize(state);

            // Id = current ticks + this page's hash code. Two requests on the same tick
            // with equal hash codes would collide — presumably rare enough here.
            long idNumber = DateTime.Now.Ticks + (long)this.GetHashCode();
            string viewStateID = idNumber.ToString();

            string directory = Server.MapPath("/storage/files/states/");
            string fn = directory + viewStateID;

            File.WriteAllText(fn, serialized);
            Cache.Insert(viewStateID, serialized);

            // Only the id leaves this method; the base persister decides how it is emitted.
            base.SavePageStateToPersistenceMedium(viewStateID);
        }
        /// <summary>
        /// Persists the page state server-side under App_Data/ViewState/&lt;id&gt; (and in
        /// <c>Cache</c>), handing only the id to the base persister.
        /// </summary>
        /// <param name="state">The page state to persist.</param>
        protected override void SavePageStateToPersistenceMedium(object state)
        {
            string serialized = new ObjectStateFormatter().Serialize(state);

            // Generate a distinct id number: current ticks plus this page's hash code.
            long idNumber = DateTime.Now.Ticks + (long)this.GetHashCode();
            string viewStateID = idNumber.ToString();

            string fn = Server.MapPath(@"App_Data/ViewState/" + viewStateID);
            File.WriteAllText(fn, serialized);

            Cache.Insert(viewStateID, serialized);
            base.SavePageStateToPersistenceMedium(viewStateID);
        }
        /// <summary>
        /// This is used to try and brute force the values.  This didn't work out that well.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void button5_Click(object sender, EventArgs e)
        {
            // Fills _arrayList with 0 .. int.MaxValue/2 - 1 before serializing it; the
            // size of that list alone is why this "didn't work out that well".
            _arrayList = new ArrayList();
            int limit = int.MaxValue / 2;
            for (int value = 0; value < limit; value++)
            {
                _arrayList.Add(value);
            }

            ObjectStateFormatter formatter = new ObjectStateFormatter();
            txtModifiedEventString.Text = formatter.Serialize(_arrayList);
        }
        /// <summary>
        /// Persists the page state server-side under
        /// &lt;PhysicalApplicationPath&gt;/App_Data/ViewState/&lt;id&gt; (and in <c>Cache</c>),
        /// handing only the id to the base persister.
        /// </summary>
        /// <param name="state">The page state to persist.</param>
        protected override void SavePageStateToPersistenceMedium(object state)
        {
            string serialized = new ObjectStateFormatter().Serialize(state);

            // Generate a distinct id number: current ticks plus this page's hash code.
            long idNumber = DateTime.Now.Ticks + (long)this.GetHashCode();
            string viewStateID = idNumber.ToString();

            string relative = @"App_Data/ViewState/" + viewStateID;
            string fn = System.IO.Path.Combine(this.Request.PhysicalApplicationPath, relative);

            System.IO.File.WriteAllText(fn, serialized);
            Cache.Insert(viewStateID, serialized);
            base.SavePageStateToPersistenceMedium(viewStateID);
        }
        /// <summary>
        /// Restores a <see cref="PropertyBag"/> from its ObjectStateFormatter string form.
        /// </summary>
        /// <param name="state">Serialized bag.</param>
        /// <param name="readOnly">When true the restored bag is marked read-only.</param>
        /// <returns>The restored bag.</returns>
        public static PropertyBag CreatePropertyBagFromState(string state, bool readOnly)
        {
            // NOTE(review): the parameterless formatter does no MAC validation; if `state`
            // ever round-trips through the client it must be protected elsewhere.
            ObjectStateFormatter formatter = new ObjectStateFormatter();
            PropertyBag restored = (PropertyBag)formatter.Deserialize(state);

            if (readOnly)
            {
                restored._isReadOnly = true;
            }

            return restored;
        }
 /// <summary>
 /// Saves the page state: ViewState and ControlState are paired, serialized with
 /// <see cref="ObjectStateFormatter"/>, compressed, and emitted as a hidden field.
 /// </summary>
 public override void Save()
 {
     bool hasState = ViewState != null || ControlState != null;
     if (!hasState)
     {
         return;
     }

     // Serialize, then compress.
     Pair data = new Pair(ViewState, ControlState);
     String serialized = new ObjectStateFormatter().Serialize(data);
     String compressed = SevenZipSharpHelper.Compress(serialized);

     // Register the page state on the page under STATEKEY. The parameterless formatter
     // adds no MAC, so whatever loads this field back must not trust it blindly.
     Page.ClientScript.RegisterHiddenField(STATEKEY, compressed);
 }
        /// <summary>
        /// The string overload of Serialize must produce the same text as base64-encoding
        /// the bytes written by the stream overload.
        /// </summary>
        public void SerializeOverloads()
        {
            ObjectStateFormatter formatter = new ObjectStateFormatter();

            string fromStringOverload = formatter.Serialize(String.Empty);

            string fromStreamOverload;
            using (MemoryStream buffer = new MemoryStream())
            {
                formatter.Serialize(buffer, String.Empty);
                fromStreamOverload = Convert.ToBase64String(buffer.ToArray());
            }

            Assert.AreEqual(fromStringOverload, fromStreamOverload, "identical");
        }
        /// <summary>
        /// Click handler: deserializes the text in txtOriginalEventString and walks the
        /// expected Pair / Pair / Pair / ArrayList nesting, then prints a marker.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void cmdViewStateTest_Click(object sender, EventArgs e)
        {
            string viewState = txtOriginalEventString.Text;
            ObjectStateFormatter formatter = new ObjectStateFormatter();

            object root = formatter.Deserialize(viewState);

            // The casts are the actual check: each throws InvalidCastException when the
            // graph does not have the expected shape. The values themselves are not used.
            System.Web.UI.Pair parent = (System.Web.UI.Pair)((System.Web.UI.Pair)root).First;
            System.Web.UI.Pair second = (System.Web.UI.Pair)parent.Second;
            ArrayList third = (ArrayList)second.Second;

            Console.WriteLine("hello");
        }
// <snippet2>
    /// <summary>
    /// Restores the control property collection from its serialized string form.
    /// </summary>
    /// <param name="serializedProperties">ObjectStateFormatter-encoded property collection.</param>
    /// <returns>The deserialized <see cref="ArrayList"/>.</returns>
    private ICollection LoadControlProperties(string serializedProperties)
    {
        // The parameterless ObjectStateFormatter performs no MAC validation, so the
        // source of serializedProperties is trusted implicitly; protect it elsewhere if
        // it round-trips through the client.
        ObjectStateFormatter formatter = new ObjectStateFormatter();
        ArrayList controlProperties = (ArrayList)formatter.Deserialize(serializedProperties);
        return controlProperties;
    }
        /// <summary>
        /// Serializes <paramref name="viewState"/> into a byte array using a MemoryStream
        /// obtained from the formatter via reflection, which is emptied again afterwards.
        /// </summary>
        /// <param name="StateFormatter">Must actually be an <see cref="ObjectStateFormatter"/>; the cast throws otherwise.</param>
        /// <param name="viewState">Object graph to serialize.</param>
        /// <returns>A fresh array holding exactly the bytes written.</returns>
        private byte[] SerializeInternal(IStateFormatter StateFormatter, object viewState)
        {
            ObjectStateFormatter format       = (ObjectStateFormatter)StateFormatter;
            // _GetMemoryStream is a reflected member declared elsewhere; presumably it hands
            // back the formatter's reusable internal stream, hence the explicit reset below — verify.
            MemoryStream         memoryStream = (MemoryStream)_GetMemoryStream.Invoke(format, null);

            format.Serialize(memoryStream, viewState);
            // Truncate to what was just written, then copy only that prefix of the backing buffer.
            memoryStream.SetLength(memoryStream.Position);
            byte[] bytes = new byte[memoryStream.Length];
            Array.Copy(memoryStream.GetBuffer(), bytes, memoryStream.Length);
            // Leave the stream empty for its next use.
            memoryStream.Position = 0;
            memoryStream.SetLength(0);
            return(bytes);
        }
        /// <summary>
        /// Deserializes <paramref name="bytes"/> through a MemoryStream obtained from the
        /// formatter via reflection, which is emptied again afterwards.
        /// </summary>
        /// <param name="StateFormatter">Must actually be an <see cref="ObjectStateFormatter"/>; the cast throws otherwise.</param>
        /// <param name="bytes">Serialized view state.</param>
        /// <returns>The deserialized object graph.</returns>
        private object DeSerializeInternal(IStateFormatter StateFormatter, byte[] bytes)
        {
            ObjectStateFormatter format       = (ObjectStateFormatter)StateFormatter;
            // _GetMemoryStream is a reflected member declared elsewhere; presumably it hands
            // back the formatter's reusable internal stream, hence the explicit reset below — verify.
            MemoryStream         memoryStream = (MemoryStream)_GetMemoryStream.Invoke(format, null);

            memoryStream.Write(bytes, 0, bytes.Length);
            memoryStream.Position = 0;
            // Nothing in this method authenticates `bytes`; any MAC or decryption has to
            // happen in the caller before they reach the formatter.
            object viewState = format.Deserialize(memoryStream);

            // Leave the stream empty for its next use.
            memoryStream.Position = 0;
            memoryStream.SetLength(0);
            return(viewState);
        }
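        /// <summary>
        /// Decodes a prefixed state string back into the object it was produced from.
        /// The prefix selects the decoder: "session-" / "request-" delegate to the
        /// <see cref="UploadSession"/> / <see cref="UploadRequest"/> deserializers,
        /// "sessionlist-" / "requestlist-" wrap a string[] of such items, and anything
        /// else is handed to <see cref="ObjectStateFormatter"/> directly.
        /// </summary>
        /// <param name="value">The encoded state; <c>null</c> or empty yields <c>null</c>.</param>
        /// <returns>The decoded object, a list of sessions or requests, or <c>null</c>.</returns>
        internal static object GetStringDeserialized(string value)
        {
            // Null-check before touching the string: Replace on a null value threw
            // NullReferenceException in the previous version.
            if (string.IsNullOrEmpty(value))
            {
                return null;
            }

            // Presumably '+' characters arrived as spaces after URL decoding — TODO confirm.
            value = value.Replace(' ', '+');

            // TODO: decrypt

            // Until the TODO above is done there is no integrity check on `value`, and the
            // parameterless ObjectStateFormatter performs no MAC validation of its own.
            ObjectStateFormatter formatter = new ObjectStateFormatter();

            // Prefixes are protocol tags, not natural-language text: compare ordinally.
            if (value.StartsWith("session-", StringComparison.Ordinal))
            {
                return UploadSession.Deserialize(value.Substring("session-".Length));
            }
            if (value.StartsWith("request-", StringComparison.Ordinal))
            {
                return UploadRequest.Deserialize(value.Substring("request-".Length));
            }
            if (value.StartsWith("sessionlist-", StringComparison.Ordinal))
            {
                string[] uploadSessionStrings = (string[])formatter.Deserialize(value.Substring("sessionlist-".Length));

                List <UploadSession> sessions = new List <UploadSession>(uploadSessionStrings.Length);
                foreach (string sessionString in uploadSessionStrings)
                {
                    sessions.Add(UploadSession.Deserialize(sessionString));
                }

                return sessions;
            }
            if (value.StartsWith("requestlist-", StringComparison.Ordinal))
            {
                string[] uploadRequestStrings = (string[])formatter.Deserialize(value.Substring("requestlist-".Length));

                List <UploadRequest> requests = new List <UploadRequest>(uploadRequestStrings.Length);
                foreach (string requestString in uploadRequestStrings)
                {
                    requests.Add(UploadRequest.Deserialize(requestString));
                }

                return requests;
            }

            return formatter.Deserialize(value);
        }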
        /// <summary>
        /// Deserializes a string generated by <see cref="UploadSession.Serialize" /> into an <see cref="UploadSession" /> instance.
        /// </summary>
        /// <param name="value">The string to deserialize.</param>
        /// <returns>
        /// An <see cref="UploadSession" /> instance, or <c>null</c> when the payload is not a non-empty object[].
        /// </returns>
        public static UploadSession Deserialize(string value)
        {
            // The parameterless formatter performs no MAC validation; callers must not
            // hand it unauthenticated client input.
            ObjectStateFormatter formatter = new ObjectStateFormatter();
            object[] fields = formatter.Deserialize(value) as object[];

            bool hasFields = fields != null && fields.Length > 0;
            return hasFields ? new UploadSession(fields) : null;
        }
        /// <summary>
        /// Populates <paramref name="token"/> from the unprotected cookie triplet and derives the
        /// matching form token: the triplet's second and third slots are replaced with the caller
        /// salt and a fresh random salt, then the triplet is re-serialized and protected.
        /// </summary>
        /// <param name="value">Raw cookie value; stored as <c>CookieValue</c>.</param>
        /// <param name="formatter">Formatter used to re-serialize the triplet.</param>
        /// <param name="triplet">Decoded cookie payload; <c>First</c> is the token value. Mutated in place.</param>
        /// <param name="salt">Caller-supplied salt placed in <c>Second</c>.</param>
        /// <param name="token">Token instance to fill; also returned.</param>
        /// <returns><paramref name="token"/>.</returns>
        private static AntiForgeryData Decrypt(string value, ObjectStateFormatter formatter, Triplet triplet, string salt, AntiForgeryData token)
        {
            // NOTE(review): 5 random bytes is a short (40-bit) salt; confirm that is enough
            // for however FormToken is compared on the way back in.
            byte[] systemSalt = new byte[0x5];
            Rng.GetBytes(systemSalt);

            triplet.Second = salt;
            triplet.Third  = Convert.ToBase64String(systemSalt);

            token.Value       = (string)triplet.First;
            token.CookieValue = value;
            // MachineKey.Protect gives the re-serialized triplet integrity (and confidentiality);
            // the ToHexString() output is what the form carries. The commented line is the
            // pre-MachineKey.Protect variant of the same step.
            token.FormToken   = MachineKey.Protect(Encoding.UTF8.GetBytes(formatter.Serialize(triplet)), "Authentication token").ToHexString();
//            token.FormToken = MachineKey.Encode(Encoding.UTF8.GetBytes(formatter.Serialize(triplet)), MachineKeyProtection.All);

            return(token);
        }
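        /// <summary>
        /// Deserializes the __EVENTVALIDATION value found in the html hidden field to an
        /// array list which can then be manipulated.
        /// </summary>
        /// <param name="eventValidation">The hidden-field value (ObjectStateFormatter encoded).</param>
        /// <returns>
        /// The deserialized <see cref="ArrayList"/>; when the payload does not deserialize to an
        /// ArrayList (observed with .Net 4.0), a one-element list containing ".Net 4.0".
        /// </returns>
        public static ArrayList DeSerializeStringToArray(string eventValidation)
        {
            // No MAC validation is done by the parameterless formatter; this is an
            // inspection helper and must not be pointed at arbitrary input.
            ObjectStateFormatter formatter = new ObjectStateFormatter();

            try
            {
                return (ArrayList)formatter.Deserialize(eventValidation);
            }
            catch (InvalidCastException) // If we get this, it is probably .Net 4.0
            {
                // The exception variable was unused and only produced a compiler warning.
                // Other exception types propagate unchanged.
                ArrayList marker = new ArrayList();
                marker.Add(".Net 4.0");
                return marker;
            }
        }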
 /// <summary>
 /// Request handler: reads the __VIEWSTATE field, expects a Pair whose First is a
 /// 36-character GUID string, and resets that page state's timeout, answering "OK" on success.
 /// </summary>
 /// <param name="context">The current request context.</param>
 public void ProcessRequest(HttpContext context)
 {
     // TODO: if no such GUID exists, finish returning an error and reload the page because the session has expired.
     string rawViewState = context.Request["__VIEWSTATE"];
     if (String.IsNullOrWhiteSpace(rawViewState))
     {
         return;
     }

     // NOTE(review): the parameterless formatter performs no MAC validation, so this
     // deserializes client-supplied data as-is; only the GUID is used afterwards, but the
     // deserialization itself happens before any check.
     Pair pair = new ObjectStateFormatter().Deserialize(rawViewState) as Pair;
     if (pair == null || pair.First == null)
     {
         return;
     }

     string candidate = pair.First.ToString();
     if (candidate.Length != 36)
     {
         return;
     }

     // new Guid(...) throws FormatException for a 36-character string that is not a GUID.
     bool reset = StsSqlPageStatePersister.ResetPageStateTimeout(new Guid(candidate));
     if (reset)
     {
         context.Response.Write("OK");
     }
 }