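// <snippet2>
/// <summary>
/// Deserializes a control-property list that was persisted as text with
/// <see cref="ObjectStateFormatter"/>, logging view-state failures.
/// </summary>
/// <param name="serializedProperties">Text to hand to the formatter.</param>
/// <returns>The deserialized property collection.</returns>
/// <exception cref="HttpException">
/// Rethrown when deserialization fails and either the failure carries no
/// <see cref="ViewStateException"/> or the client is no longer connected.
/// </exception>
private ICollection LoadControlProperties(string serializedProperties)
{
    ICollection controlProperties = null;

    // Security: a formatter created with the public constructor neither decrypts
    // nor MAC-verifies its input, and the format can carry arbitrary serialized
    // objects (analyzer rule CA2315). serializedProperties must therefore come
    // from a source the client cannot modify.
    // NOTE(review): the origin of serializedProperties is not visible here - confirm.
    ObjectStateFormatter formatter = new ObjectStateFormatter();

    try
    {
        controlProperties = (ArrayList)formatter.Deserialize(serializedProperties);
    }
    catch (HttpException e)
    {
        // The inner exception is not guaranteed to be a ViewStateException; a hard
        // cast would replace the real failure with a cast or null-reference error.
        ViewStateException vse = e.InnerException as ViewStateException;
        if (vse == null)
        {
            throw;
        }

        // Referer, UserAgent and PersistedState are client-supplied values.
        // NOTE(review): confirm LogEvent neutralises line breaks and bounds the
        // size of what it stores.
        string logMessage = "ViewStateException. Path: " + vse.Path + Environment.NewLine;
        logMessage += "PersistedState: " + vse.PersistedState + Environment.NewLine;
        logMessage += "Referer: " + vse.Referer + Environment.NewLine;
        logMessage += "UserAgent: " + vse.UserAgent + Environment.NewLine;

        LogEvent(logMessage);

        if (vse.IsConnected)
        {
            HttpContext.Current.Response.Redirect("ErrorPage.aspx");
        }
        else
        {
            // "throw;" keeps the original stack trace; "throw e;" would reset it.
            throw;
        }
    }

    return controlProperties;
}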
/// <summary>
/// Rebuilds a <see cref="SessionStateItem"/> from a stream written with
/// <see cref="ObjectStateFormatter"/>.
/// </summary>
/// <remarks>
/// Layout read below: Pair(First = byte equal to 1, Second = Triplet(flag byte,
/// timeout int, Pair(lock id ulong, lock time as a binary long))).
/// </remarks>
/// <param name="ms">Stream positioned at the serialized item.</param>
/// <returns>The item, or null when the root is not a Pair whose first value is 1.</returns>
private static SessionStateItem LoadItem(MemoryStream ms)
{
    // Security: the formatter is used without MAC validation, so the bytes in ms
    // must come from a store that clients cannot write to.
    // NOTE(review): confirm where ms is filled; the caller is not shown.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    Pair envelope = formatter.Deserialize(ms) as Pair;

    if (envelope == null || (byte)envelope.First != 1)
    {
        return null;
    }

    Triplet body = (Triplet)envelope.Second;

    SessionStateItem item = new SessionStateItem();
    item.Flag = (SessionStateActions)((byte)body.First);
    item.Timeout = (int)body.Second;

    Pair lockPair = (Pair)body.Third;
    item.LockId = (ulong)lockPair.First;
    item.LockTime = DateTime.FromBinary((long)lockPair.Second);

    return item;
}
/// <summary>
/// Decodes a serialized personalization blob into a map keyed by control ID.
/// </summary>
/// <param name="data">Bytes to deserialize; may be null or empty.</param>
/// <returns>
/// null for null or empty input, or when any step throws. Otherwise a dictionary,
/// which is only populated when the leading version value equals 2.
/// </returns>
public static Dictionary<string, PersonalizationInfo> Decode(byte[] data)
{
    if (data == null || data.Length == 0)
    {
        return null;
    }

    try
    {
        Queue<object> pending;

        // Security: no MAC is checked before deserializing, so data has to come
        // from trusted storage. NOTE(review): confirm the source of data.
        ObjectStateFormatter formatter = new ObjectStateFormatter();
        using (MemoryStream input = new MemoryStream(data))
        {
            object[] items = (object[])formatter.Deserialize(input);
            pending = new Queue<object>(items);
        }

        Dictionary<string, PersonalizationInfo> decoded = new Dictionary<string, PersonalizationInfo>();

        int version = (int)pending.Dequeue();
        if (version == 2)
        {
            int partCount = (int)pending.Dequeue();
            int partIndex = 0;
            while (partIndex < partCount)
            {
                PersonalizationInfo part = PersonalizationInfo.FromObjectQueue(pending);
                decoded.Add(part.ControlID, part);
                partIndex++;
            }
        }

        return decoded;
    }
    catch
    {
        // Best-effort decode: every failure (bad cast, short queue, duplicate
        // control ID, formatter error) is reported to the caller as null.
        return null;
    }
}
/// <summary>
/// Unprotects an anti-forgery cookie value, deserializes the Triplet it contains
/// and passes it to <c>Decrypt</c> to build the token.
/// </summary>
/// <param name="value">Cookie text to unprotect.</param>
/// <param name="salt">Salt forwarded to <c>Decrypt</c>.</param>
/// <returns>The token produced by <c>Decrypt</c>.</returns>
/// <exception cref="HttpAntiForgeryException">
/// Thrown for every failure; the underlying exception is not preserved.
/// </exception>
private static AntiForgeryData DecryptCookie(string value, string salt)
{
    AntiForgeryData token = new AntiForgeryData();

    try
    {
        // MachineKey.Unprotect runs before the formatter sees the bytes, so only
        // data protected under the "Authentication token" purpose is deserialized.
        // NOTE(review): the input is the UTF-8 encoding of the cookie text, while
        // Decrypt hex-encodes the form token - confirm the cookie is produced in
        // the encoding this expects.
        byte[] plain = MachineKey.Unprotect(Encoding.UTF8.GetBytes(value), "Authentication token");
        if (plain == null)
        {
            throw new ArgumentException("Unable to decrypt.");
        }

        ObjectStateFormatter formatter = new ObjectStateFormatter();
        Triplet payload;
        using (MemoryStream buffer = new MemoryStream(plain))
        {
            payload = (Triplet)formatter.Deserialize(buffer);
        }

        return Decrypt(value, formatter, payload, salt, token);
    }
    catch (Exception)
    {
        // One uniform error type keeps the failure reason from reaching the caller.
        throw new HttpAntiForgeryException();
    }
}
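/// <summary>
/// Base64-decodes <paramref name="str"/> and deserializes the bytes with
/// <see cref="ObjectStateFormatter"/>.
/// </summary>
/// <param name="str">Base64 text of a serialized object graph.</param>
/// <returns>The deserialized object graph.</returns>
/// <remarks>
/// Security: nothing authenticates the payload before it is deserialized, and the
/// format can carry arbitrary serialized types (analyzer rule CA2315). Call this
/// only with data the application produced and stored out of the client's reach,
/// or verify a MAC over the bytes first.
/// </remarks>
public static object ObjectStateFormatter_deserialize(string str)
{
    byte[] payload = Convert.FromBase64String(str);
    ObjectStateFormatter sf = new ObjectStateFormatter();

    // Dispose the stream deterministically instead of leaving it to the GC.
    using (MemoryStream ms = new MemoryStream(payload))
    {
        return sf.Deserialize(ms);
    }
}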
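/// <summary>
/// Serializes <paramref name="myobj"/> with <see cref="ObjectStateFormatter"/>
/// and returns the bytes as base64 text.
/// </summary>
/// <param name="myobj">Object graph to serialize.</param>
/// <returns>Base64 encoding of the serialized bytes.</returns>
/// <remarks>
/// The output is neither encrypted nor signed; anything that later deserializes
/// it has to establish its integrity by other means.
/// </remarks>
public static string ObjectStateFormatter_serialize(object myobj)
{
    ObjectStateFormatter sf = new ObjectStateFormatter();

    // Dispose the stream deterministically instead of leaving it to the GC.
    using (MemoryStream ms = new MemoryStream())
    {
        sf.Serialize(ms, myobj);
        return Convert.ToBase64String(ms.ToArray());
    }
}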
/// <summary>
/// Deserializes <paramref name="eventValidation"/>, prints the root object's
/// string form to the console, and returns an empty list.
/// </summary>
/// <param name="eventValidation">Text to hand to the formatter.</param>
/// <returns>Always a new, empty <see cref="ArrayList"/>.</returns>
public static ArrayList DeSerializeStringToArray2(string eventValidation)
{
    // Security: the input is deserialized without any integrity check; run this
    // only on values from a trusted source.
    object graph = new ObjectStateFormatter().Deserialize(eventValidation);

    // A null root throws here, as nothing guards the ToString call.
    string rendered = graph.ToString();
    Console.WriteLine(rendered);

    return new ArrayList();
}
/// <summary>
/// Serializes view state to text and reports a hash of that text.
/// </summary>
/// <param name="viewState">Object graph to serialize.</param>
/// <param name="hash">
/// Receives the result of MD5HashHelper.HashUsingDefaultEncoding over the
/// serialized text (or over the empty string when that text is null).
/// </param>
/// <returns>The serialized view state.</returns>
protected virtual string SerializeViewState(object viewState, out string hash)
{
    string serialized = new ObjectStateFormatter().Serialize(viewState);

    // NOTE(review): judging by the helper's name this is an unkeyed MD5 digest.
    // That can flag accidental change but cannot authenticate the payload; tamper
    // protection would need a keyed MAC. Confirm how callers use the hash.
    string hashInput = serialized ?? string.Empty;
    hash = MD5HashHelper.HashUsingDefaultEncoding(hashInput);

    return serialized;
}
/// <summary>
/// Deserializes <paramref name="value"/> when <paramref name="key"/> is
/// "__EVENTVALIDATION"; the result is discarded.
/// </summary>
/// <param name="key">Field name to test.</param>
/// <param name="value">Field value handed to the formatter.</param>
private void WriteEventValidation(string key, string value)
{
    if (key != "__EVENTVALIDATION")
    {
        return;
    }

    // Security: the value is deserialized without MAC validation.
    // NOTE(review): if it originates from a request or a fetched page, treat it
    // as untrusted input to an unsafe deserializer - confirm the source.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    formatter.Deserialize(value);
}
/// <summary>
/// Serializes this instance with <see cref="ObjectStateFormatter"/>.
/// </summary>
/// <returns>
/// The serialized text, or null when compiled with NETCOREAPP3_0 defined.
/// </returns>
public string GetState()
{
#if NETCOREAPP3_0
    return null;
#else
    // The output is unsigned and unencrypted; whoever restores it must make sure
    // it was not modified in transit or at rest.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    return formatter.Serialize(this);
#endif
}
/// <summary>
/// Computes a hash of the view-state text and deserializes that text.
/// </summary>
/// <param name="viewState">Serialized view state; null is hashed as the empty string.</param>
/// <param name="hash">Receives MD5HashHelper.HashUsingDefaultEncoding of the text.</param>
/// <returns>The deserialized object graph.</returns>
protected virtual object DeserializeViewState(string viewState, out string hash)
{
    // The hash is assigned before deserialization, so it is set even when the
    // formatter throws.
    string hashInput = viewState ?? string.Empty;
    hash = MD5HashHelper.HashUsingDefaultEncoding(hashInput);

    // Security: nothing here compares the hash or verifies a MAC before the
    // payload is deserialized.
    // NOTE(review): if viewState can be influenced by a client, integrity must be
    // checked with a keyed MAC before this call - confirm the caller does so.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    return formatter.Deserialize(viewState);
}
/// <summary>
/// Serializes a view-state object, stores the text in a file and in the cache,
/// and returns the identifier it was stored under.
/// </summary>
/// <param name="obj">Object graph to serialize.</param>
/// <returns>The identifier used as both file name and cache key.</returns>
private string SerializeObj(object obj)
{
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    string value = formatter.Serialize(obj);

    // Generate a scattered id: current tick count plus the text's hash code.
    // NOTE(review): this id is guessable and not guaranteed unique. If it is
    // handed to the client as a lookup key, a random identifier bound to the
    // user's session would be safer - confirm how the id is used.
    long idSeed = DateTime.Now.Ticks + (long)value.GetHashCode();
    string stateID = idSeed.ToString();

    string target = Path.Combine(Dir.FullName, stateID);
    File.WriteAllText(target, value);
    Cache.Insert(stateID, value);

    return stateID;
}
/// <summary>
/// Serializes <paramref name="obj"/> with <see cref="ObjectStateFormatter"/>
/// and returns the bytes as base64 text.
/// </summary>
/// <param name="obj">Value to serialize.</param>
/// <returns>Base64 encoding of the serialized bytes.</returns>
public string Serialize(T obj)
{
    ObjectStateFormatter formatter = new ObjectStateFormatter();

    using (MemoryStream buffer = new MemoryStream())
    {
        formatter.Serialize(buffer, obj);

        // The result carries no signature; integrity is the consumer's job.
        byte[] raw = buffer.ToArray();
        return Convert.ToBase64String(raw);
    }
}
//Security Warning: The following code is intentionally vulnerable to a serialization vulnerability
/// <summary>
/// Base64-decodes <paramref name="data"/> and deserializes it to
/// <typeparamref name="T"/> with <see cref="ObjectStateFormatter"/>.
/// </summary>
/// <param name="data">Base64 text of a serialized object graph.</param>
/// <returns>The deserialized value cast to <typeparamref name="T"/>.</returns>
/// <remarks>
/// Kept vulnerable on purpose. The cast to T happens only after the whole graph
/// has been materialised, so it does not restrict which types get constructed,
/// and no MAC is verified beforehand. Do not reuse this outside a demonstration
/// or test setting.
/// </remarks>
public T Deserialize(string data)
{
    byte[] raw = Convert.FromBase64String(data);
    ObjectStateFormatter formatter = new ObjectStateFormatter();

    using (MemoryStream input = new MemoryStream(raw))
    {
        object graph = formatter.Deserialize(input);
        return (T)graph;
    }
}
/// <summary>
/// Stores the serialized page state on the server (file and cache) and persists
/// only the generated identifier through the base implementation.
/// </summary>
/// <param name="state">Page state to persist.</param>
protected override void SavePageStateToPersistenceMedium(object state)
{
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    string value = formatter.Serialize(state);

    // NOTE(review): the id is the tick count plus this page's hash code, which is
    // guessable and can repeat. If the load side looks state up by this id alone,
    // one client could request another client's state - confirm, and prefer a
    // random id tied to the session.
    long idSeed = DateTime.Now.Ticks + (long)this.GetHashCode();
    string viewStateID = idSeed.ToString();

    // NOTE(review): "/storage/files/states/" is mapped from the site root. If the
    // web server serves that folder as static content, stored state could be
    // downloaded directly - confirm it is blocked.
    string folder = Server.MapPath("/storage/files/states/");
    string fn = folder + viewStateID;

    File.WriteAllText(fn, value);
    Cache.Insert(viewStateID, value);
    base.SavePageStateToPersistenceMedium(viewStateID);
}
/// <summary>
/// Stores the serialized page state on the server (file and cache) and persists
/// only the generated identifier through the base implementation.
/// </summary>
/// <param name="state">Page state to persist.</param>
protected override void SavePageStateToPersistenceMedium(object state)
{
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    string value = formatter.Serialize(state);

    // Generate a scattered id: current tick count plus this page's hash code.
    // NOTE(review): such an id is guessable and can repeat; if the load side
    // trusts it as the only lookup key, prefer a random id tied to the session.
    long idSeed = DateTime.Now.Ticks + (long)this.GetHashCode();
    string viewStateID = idSeed.ToString();

    // NOTE(review): the path has no "~/" prefix, so MapPath resolves it relative
    // to the directory of the executing request rather than the application
    // root - confirm that is intended.
    string relativePath = @"App_Data/ViewState/" + viewStateID;
    string fn = Server.MapPath(relativePath);

    File.WriteAllText(fn, value);
    Cache.Insert(viewStateID, value);
    base.SavePageStateToPersistenceMedium(viewStateID);
}
/// <summary>
/// Fills the list field with consecutive integers starting at 0, serializes it,
/// and shows the text in the "modified event string" box. The original author
/// notes that this brute-force attempt did not work out well.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button5_Click(object sender, EventArgs e)
{
    _arrayList = new ArrayList();

    // NOTE(review): the bound is int.MaxValue / 2, i.e. over a billion boxed
    // entries; this is likely to exhaust memory before serialization starts.
    int limit = int.MaxValue / 2;
    int next = 0;
    while (next < limit)
    {
        _arrayList.Add(next);
        next++;
    }

    ObjectStateFormatter formatter = new ObjectStateFormatter();
    string serialized = formatter.Serialize(_arrayList);
    txtModifiedEventString.Text = serialized;
}
/// <summary>
/// Stores the serialized page state on the server (file and cache) and persists
/// only the generated identifier through the base implementation.
/// </summary>
/// <param name="state">Page state to persist.</param>
protected override void SavePageStateToPersistenceMedium(object state)
{
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    string value = formatter.Serialize(state);

    // Generate a scattered id: current tick count plus this page's hash code.
    // NOTE(review): such an id is guessable and can repeat; if the load side
    // trusts it as the only lookup key, prefer a random id tied to the session.
    long idSeed = DateTime.Now.Ticks + (long)this.GetHashCode();
    string viewStateID = idSeed.ToString();

    // The file goes under App_Data/ViewState below the application's physical root.
    string relativePath = @"App_Data/ViewState/" + viewStateID;
    string fn = System.IO.Path.Combine(this.Request.PhysicalApplicationPath, relativePath);

    System.IO.File.WriteAllText(fn, value);
    Cache.Insert(viewStateID, value);
    base.SavePageStateToPersistenceMedium(viewStateID);
}
/// <summary>
/// Recreates a <see cref="PropertyBag"/> from serialized state text.
/// </summary>
/// <param name="state">Text to hand to the formatter.</param>
/// <param name="readOnly">When true, the restored bag is marked read-only.</param>
/// <returns>The restored bag.</returns>
public static PropertyBag CreatePropertyBagFromState(string state, bool readOnly)
{
    // Security: the cast below runs after the whole graph has been materialised,
    // so it does not limit which types the formatter constructs, and no MAC is
    // verified. NOTE(review): confirm state cannot be modified by a client.
    object graph = new ObjectStateFormatter().Deserialize(state);
    PropertyBag restored = (PropertyBag)graph;

    if (readOnly)
    {
        restored._isReadOnly = true;
    }

    return restored;
}
/// <summary>
/// Saves the page state: serializes view state and control state together,
/// compresses the text and registers it as a hidden field on the page.
/// </summary>
public override void Save()
{
    if (ViewState == null && ControlState == null)
    {
        return;
    }

    Pair data = new Pair(ViewState, ControlState);

    // Serialize, then compress.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    String strbase64 = formatter.Serialize(data);
    String strzip = SevenZipSharpHelper.Compress(strbase64);

    // Register the page state on the page.
    // Security: the hidden field travels through the browser and this formatter
    // adds no MAC. NOTE(review): the code that reads STATEKEY back is not shown;
    // it must authenticate the value before deserializing it - confirm.
    Page.ClientScript.RegisterHiddenField(STATEKEY, strzip);
}
/// <summary>
/// Checks that Serialize(object) returns the same text as base64-encoding the
/// bytes written by Serialize(Stream, object), using the empty string as input.
/// </summary>
public void SerializeOverloads()
{
    ObjectStateFormatter osf = new ObjectStateFormatter();

    string fromStringOverload = osf.Serialize(String.Empty);

    string fromStreamOverload;
    using (MemoryStream buffer = new MemoryStream())
    {
        osf.Serialize(buffer, String.Empty);
        byte[] raw = buffer.ToArray();
        fromStreamOverload = Convert.ToBase64String(raw);
    }

    Assert.AreEqual(fromStringOverload, fromStreamOverload, "identical");
}
/// <summary>
/// Deserializes the text of the "original event string" box and walks the
/// expected Pair / Pair / ArrayList nesting, then prints "hello".
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void cmdViewStateTest_Click(object sender, EventArgs e)
{
    // Security: the pasted text is deserialized without any integrity check, so
    // only values from a trusted source should be loaded here.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    object root = formatter.Deserialize(txtOriginalEventString.Text);

    // Each cast throws if the graph does not have the expected shape.
    Pair outer = (System.Web.UI.Pair)root;
    Pair parent = (System.Web.UI.Pair)outer.First;
    Pair second = (System.Web.UI.Pair)parent.Second;
    ArrayList third = (ArrayList)second.Second;

    Console.WriteLine("hello");
}
// <snippet2>
/// <summary>
/// Deserializes a control-property list that was persisted as text with
/// <see cref="ObjectStateFormatter"/>.
/// </summary>
/// <param name="serializedProperties">Text to hand to the formatter.</param>
/// <returns>The deserialized property collection.</returns>
private ICollection LoadControlProperties(string serializedProperties)
{
    // Security: a formatter created with the public constructor neither decrypts
    // nor MAC-verifies its input (analyzer rule CA2315).
    // NOTE(review): confirm serializedProperties cannot be modified by a client.
    ObjectStateFormatter formatter = new ObjectStateFormatter();

    // Deserialize, then require the root to be an ArrayList.
    object graph = formatter.Deserialize(serializedProperties);
    ICollection controlProperties = (ArrayList)graph;

    return controlProperties;
}
/// <summary>
/// Serializes <paramref name="viewState"/> into the stream obtained through
/// <c>_GetMemoryStream</c> and returns a copy of the bytes written.
/// </summary>
/// <param name="StateFormatter">Must be an <see cref="ObjectStateFormatter"/>.</param>
/// <param name="viewState">Object graph to serialize.</param>
/// <returns>A new array holding exactly the serialized bytes.</returns>
private byte[] SerializeInternal(IStateFormatter StateFormatter, object viewState)
{
    ObjectStateFormatter osf = (ObjectStateFormatter)StateFormatter;

    // NOTE(review): _GetMemoryStream is defined elsewhere; it appears to be a
    // reflected accessor for a stream owned by the formatter - confirm, since
    // reflection on non-public members can break across framework versions.
    MemoryStream shared = (MemoryStream)_GetMemoryStream.Invoke(osf, null);

    osf.Serialize(shared, viewState);

    // Trim to what was written, copy it out, then reset the stream for reuse.
    shared.SetLength(shared.Position);
    byte[] result = new byte[shared.Length];
    Array.Copy(shared.GetBuffer(), result, shared.Length);

    shared.Position = 0;
    shared.SetLength(0);

    return result;
}
/// <summary>
/// Writes <paramref name="bytes"/> into the stream obtained through
/// <c>_GetMemoryStream</c> and deserializes them from there.
/// </summary>
/// <param name="StateFormatter">Must be an <see cref="ObjectStateFormatter"/>.</param>
/// <param name="bytes">Serialized object graph.</param>
/// <returns>The deserialized object graph.</returns>
private object DeSerializeInternal(IStateFormatter StateFormatter, byte[] bytes)
{
    ObjectStateFormatter osf = (ObjectStateFormatter)StateFormatter;

    // NOTE(review): _GetMemoryStream is defined elsewhere; it appears to be a
    // reflected accessor for a stream owned by the formatter - confirm.
    MemoryStream shared = (MemoryStream)_GetMemoryStream.Invoke(osf, null);

    shared.Write(bytes, 0, bytes.Length);
    shared.Position = 0;

    // Security: the stream overload is called directly, with no MAC check in
    // this method. NOTE(review): bytes must already have been authenticated by
    // the caller or come from trusted storage - confirm.
    object restored = osf.Deserialize(shared);

    // Reset the stream for reuse. This is skipped if Deserialize throws.
    shared.Position = 0;
    shared.SetLength(0);

    return restored;
}
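/// <summary>
/// Turns a serialized string back into an object, choosing the decoder from the
/// string's prefix.
/// </summary>
/// <param name="value">
/// Serialized text. Recognised prefixes are "session-", "request-",
/// "sessionlist-" and "requestlist-"; anything else goes to the formatter as is.
/// </param>
/// <returns>
/// null for null or empty input; otherwise an UploadSession, an UploadRequest,
/// a list of either, or whatever object the formatter produces.
/// </returns>
/// <remarks>
/// Security: the value is not decrypted or authenticated (see the TODO below)
/// before reaching <see cref="ObjectStateFormatter"/>, which can construct
/// arbitrary serialized types (analyzer rule CA2315). Until a MAC is verified
/// first, this must only receive values that a client cannot alter.
/// </remarks>
internal static object GetStringDeserialized(string value)
{
    // Check for null before touching the string; the previous order threw a
    // NullReferenceException from Replace on null input.
    if (string.IsNullOrEmpty(value))
    {
        return null;
    }

    // Presumably restores '+' characters that were turned into spaces by form or
    // URL decoding of the base64 text.
    value = value.Replace(' ', '+');

    // TODO: decrypt

    // Prefixes are protocol markers, so compare them ordinally rather than with
    // the current culture.
    if (value.StartsWith("session-", System.StringComparison.Ordinal))
    {
        return UploadSession.Deserialize(value.Substring("session-".Length));
    }

    if (value.StartsWith("request-", System.StringComparison.Ordinal))
    {
        return UploadRequest.Deserialize(value.Substring("request-".Length));
    }

    ObjectStateFormatter formatter = new ObjectStateFormatter();

    if (value.StartsWith("sessionlist-", System.StringComparison.Ordinal))
    {
        string[] uploadSessionStrings = (string[])formatter.Deserialize(value.Substring("sessionlist-".Length));
        List<UploadSession> sessions = new List<UploadSession>();
        foreach (string sessionString in uploadSessionStrings)
        {
            sessions.Add(UploadSession.Deserialize(sessionString));
        }

        return sessions;
    }

    if (value.StartsWith("requestlist-", System.StringComparison.Ordinal))
    {
        string[] uploadRequestStrings = (string[])formatter.Deserialize(value.Substring("requestlist-".Length));
        List<UploadRequest> requests = new List<UploadRequest>();
        foreach (string requestString in uploadRequestStrings)
        {
            requests.Add(UploadRequest.Deserialize(requestString));
        }

        return requests;
    }

    return formatter.Deserialize(value);
}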
/// <summary>
/// Recreates an <see cref="UploadSession" /> from text generated by
/// <see cref="UploadSession.Serialize" />.
/// </summary>
/// <param name="value">The string to deserialize.</param>
/// <returns>
/// An <see cref="UploadSession" /> instance, or null when the deserialized root
/// is not a non-empty object array.
/// </returns>
public static UploadSession Deserialize(string value)
{
    // Security: no MAC is verified before deserializing.
    // NOTE(review): confirm value cannot be modified by a client.
    object graph = new ObjectStateFormatter().Deserialize(value);
    object[] values = graph as object[];

    if (values == null || values.Length == 0)
    {
        return null;
    }

    return new UploadSession(values);
}
/// <summary>
/// Fills <paramref name="token"/> from the deserialized cookie triplet and
/// derives a protected form token. Despite its name, this method protects data
/// rather than decrypting it.
/// </summary>
/// <param name="value">Original cookie text, stored as the token's cookie value.</param>
/// <param name="formatter">Formatter used to serialize the updated triplet.</param>
/// <param name="triplet">Cookie payload; its Second and Third members are overwritten.</param>
/// <param name="salt">Caller-supplied salt written to the triplet's Second member.</param>
/// <param name="token">Token instance to populate.</param>
/// <returns>The same <paramref name="token"/> instance.</returns>
private static AntiForgeryData Decrypt(string value, ObjectStateFormatter formatter, Triplet triplet, string salt, AntiForgeryData token)
{
    // NOTE(review): Rng is defined elsewhere; confirm it is a cryptographic
    // generator. Five bytes give 40 bits of per-token salt.
    byte[] systemSalt = new byte[5];
    Rng.GetBytes(systemSalt);

    triplet.Second = salt;
    triplet.Third = Convert.ToBase64String(systemSalt);

    token.Value = (string)triplet.First;
    token.CookieValue = value;

    // The form token is the serialized triplet, protected under the same purpose
    // string that DecryptCookie passes to Unprotect, then hex-encoded.
    string serialized = formatter.Serialize(triplet);
    byte[] protectedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(serialized), "Authentication token");
    token.FormToken = protectedBytes.ToHexString();

    return token;
}
/// <summary>
/// Deserializes the text of an __EVENTVALIDATION hidden field into an
/// <see cref="ArrayList"/>.
/// </summary>
/// <param name="eventValidation">Hidden-field text to deserialize.</param>
/// <returns>
/// The deserialized list, or a list containing the single marker ".Net 4.0"
/// when the root object is not an ArrayList.
/// </returns>
public static ArrayList DeSerializeStringToArray(string eventValidation)
{
    ArrayList list = new ArrayList();

    try
    {
        // Security: the value is deserialized without MAC validation; feed this
        // only data from a trusted source.
        object graph = new ObjectStateFormatter().Deserialize(eventValidation);
        list = (ArrayList)graph;
    }
    catch (InvalidCastException)
    {
        // The author's reading of a cast failure: probably a .NET 4.0 payload.
        list.Add(".Net 4.0");
    }

    return list;
}
/// <summary>
/// Request handler: when the request carries a __VIEWSTATE value whose first
/// element is a 36-character string, resets the timeout of the page state with
/// that GUID and writes "OK" on success.
/// </summary>
/// <param name="context">Current HTTP context.</param>
public void ProcessRequest(HttpContext context)
{
    // todo: if no such GUID exists, finish returning an error and reload the
    // page because the session has expired.

    string rawState = context.Request["__VIEWSTATE"];
    if (String.IsNullOrWhiteSpace(rawState))
    {
        return;
    }

    // Security: rawState comes straight from the request and is deserialized
    // with no MAC or decryption step, so a client controls the input to an
    // unsafe deserializer (analyzer rule CA2315). Only a GUID is needed here;
    // NOTE(review): consider sending the GUID as plain text and validating it
    // with Guid.TryParse, or verifying a MAC before deserializing.
    ObjectStateFormatter formatter = new ObjectStateFormatter();
    Pair pair = formatter.Deserialize(rawState) as Pair;
    if (pair == null || pair.First == null)
    {
        return;
    }

    // 36 characters is the length of a hyphenated GUID string.
    string candidate = pair.First.ToString();
    if (candidate.Length != 36)
    {
        return;
    }

    if (StsSqlPageStatePersister.ResetPageStateTimeout(new Guid(candidate)))
    {
        context.Response.Write("OK");
    }
}