public void SerializeTo(Stream outputStream)
{
// don't need a 'using' block around this writer
SerializingBinaryWriter writer = new SerializingBinaryWriter(outputStream);
writer.Write((byte)0x00); // version header
writer.Write7BitEncodedInt(_hashes.Count); // number of entries
foreach (byte[] entry in _hashes)
{
writer.Write(entry);
}
}
/// <summary>
/// 序列化防伪数据
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
internal static byte[] Serializer(AntiForgeryData token)
{
byte[] result;
using (MemoryStream memoryStream = new MemoryStream())
{
using (SerializingBinaryWriter serializingBinaryWriter = new SerializingBinaryWriter(memoryStream))
{
serializingBinaryWriter.WriteBinaryString(token.Salt);
serializingBinaryWriter.WriteBinaryString(token.Value);
serializingBinaryWriter.Write(token.CreationDate.Ticks);
serializingBinaryWriter.WriteBinaryString(token.Username);
result = memoryStream.ToArray();
}
}
return(result);
}
public static byte[] ConvertToBytes(FormsAuthenticationCookie data)
{
using (var ticketBlobStream = new MemoryStream())
using (var ticketWriter = new SerializingBinaryWriter(ticketBlobStream))
{
ticketWriter.Write((byte)1);
ticketWriter.Write((byte)1);
ticketWriter.Write(data.IssuedUtc.Ticks);
ticketWriter.Write((byte)0xfe);
ticketWriter.Write(data.ExpiresUtc.Ticks);
ticketWriter.Write(data.IsPersistent);
ticketWriter.WriteBinaryString(data.UserName ?? "");
ticketWriter.WriteBinaryString(data.UserData ?? "");
ticketWriter.WriteBinaryString(data.CookiePath ?? "");
ticketWriter.Write((byte)0xff);
return(ticketBlobStream.ToArray());
}
}
public static byte[] Serialize(AuthenticationTicket ticket)
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (SerializingBinaryWriter serializingBinaryWriter = new SerializingBinaryWriter((Stream)memoryStream))
{
var userBinary = ticket.UserData.BinarySerialize();
//var binaryString = CryptoUtils.BinaryToHex(userBinary);
serializingBinaryWriter.Write((byte)1);
serializingBinaryWriter.Write((byte)ticket.Version);
serializingBinaryWriter.Write(ticket.IssueDateUtc.Ticks);
serializingBinaryWriter.Write((byte)254);
serializingBinaryWriter.Write(ticket.ExpirationUtc.Ticks);
serializingBinaryWriter.WriteBinaryString(ticket.Name);
serializingBinaryWriter.Write((int)userBinary.Length);
serializingBinaryWriter.Write(userBinary);
serializingBinaryWriter.Write(byte.MaxValue);
return memoryStream.ToArray();
}
}
}
public static byte[] Serialize(AuthenticationTicket ticket)
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (SerializingBinaryWriter serializingBinaryWriter = new SerializingBinaryWriter((Stream)memoryStream))
{
var userBinary = ticket.UserData.BinarySerialize();
//var binaryString = CryptoUtils.BinaryToHex(userBinary);
serializingBinaryWriter.Write((byte)1);
serializingBinaryWriter.Write((byte)ticket.Version);
serializingBinaryWriter.Write(ticket.IssueDateUtc.Ticks);
serializingBinaryWriter.Write((byte)254);
serializingBinaryWriter.Write(ticket.ExpirationUtc.Ticks);
serializingBinaryWriter.WriteBinaryString(ticket.Name);
serializingBinaryWriter.Write((int)userBinary.Length);
serializingBinaryWriter.Write(userBinary);
serializingBinaryWriter.Write(byte.MaxValue);
return(memoryStream.ToArray());
}
}
}
public static byte[] Serialize(FormsAuthenticationTicket ticket)
{
byte[] buffer;
using (MemoryStream stream = new MemoryStream())
{
using (SerializingBinaryWriter writer = new SerializingBinaryWriter(stream))
{
writer.Write((byte)1);
writer.Write((byte)ticket.Version);
writer.Write(ticket.IssueDate.ToUniversalTime().Ticks);
writer.Write((byte)0xfe);
writer.Write(ticket.Expiration.ToUniversalTime().Ticks);
writer.Write(ticket.IsPersistent);
writer.WriteBinaryString(ticket.Name);
writer.WriteBinaryString(ticket.UserData);
writer.WriteBinaryString(ticket.CookiePath);
writer.Write((byte)0xff);
buffer = stream.ToArray();
}
}
return(buffer);
}
public static byte[] Serialize(FormsAuthenticationTicket ticket)
{
byte[] buffer;
using (MemoryStream stream = new MemoryStream())
{
using (SerializingBinaryWriter writer = new SerializingBinaryWriter(stream))
{
writer.Write((byte) 1);
writer.Write((byte) ticket.Version);
writer.Write(ticket.IssueDateUtc.Ticks);
writer.Write((byte) 0xfe);
writer.Write(ticket.ExpirationUtc.Ticks);
writer.Write(ticket.IsPersistent);
writer.WriteBinaryString(ticket.Name);
writer.WriteBinaryString(ticket.UserData);
writer.WriteBinaryString(ticket.CookiePath);
writer.Write((byte) 0xff);
buffer = stream.ToArray();
}
}
return buffer;
}
private byte[] ConvertToBytes(FormsAuthenticationCookie data)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
using (var ticketBlobStream = new MemoryStream())
using (var ticketWriter = new SerializingBinaryWriter(ticketBlobStream))
{
ticketWriter.Write((byte)1);
ticketWriter.Write((byte)1);
ticketWriter.Write(data.IssuedUtc.Ticks);
ticketWriter.Write((byte)0xfe);
ticketWriter.Write(data.ExpiresUtc.Ticks);
ticketWriter.Write(data.IsPersistent);
ticketWriter.WriteBinaryString(data.UserName ?? "");
ticketWriter.WriteBinaryString(data.UserData ?? "");
ticketWriter.WriteBinaryString(data.CookiePath ?? "");
ticketWriter.Write((byte)0xff);
return(ticketBlobStream.ToArray());
}
}
// Turns a FormsAuthenticationTicket into a serialized blob.
// The resulting blob is not encrypted or signed.
public static byte[] Serialize(FormsAuthenticationTicket ticket) {
using (MemoryStream ticketBlobStream = new MemoryStream()) {
using (SerializingBinaryWriter ticketWriter = new SerializingBinaryWriter(ticketBlobStream)) {
// SECURITY NOTE:
// Earlier versions of the serializer (Framework20 / Framework40) wrote out a
// random 8-byte header as the first part of the payload. This random header
// was used as an IV when the ticket was encrypted, since the early encryption
// routines didn't automatically append an IV when encrypting data. However,
// the MSRC 10405 (Pythia) patch causes all of our crypto routines to use an
// IV automatically, so there's no need for us to include a random IV in the
// serialized stream any longer. We can just write out only the data, and the
// crypto routines will do the right thing.
// Step 1: Write the ticket serialized format version number (currently 0x01) to the stream.
// LENGTH: 1 byte
ticketWriter.Write(CURRENT_TICKET_SERIALIZED_VERSION);
// Step 2: Write the ticket version number to the stream.
// This is the developer-specified FormsAuthenticationTicket.Version property,
// which is just ticket metadata. Technically it should be stored as a 32-bit
// integer instead of just a byte, but we have historically been storing it
// as just a single byte forever and nobody has complained.
// LENGTH: 1 byte
ticketWriter.Write((byte)ticket.Version);
// Step 3: Write the ticket issue date to the stream.
// We store this value as UTC ticks. We can't use DateTime.ToBinary() since it
// isn't compatible with .NET v1.1.
// LENGTH: 8 bytes (64-bit little-endian in payload)
ticketWriter.Write(ticket.IssueDateUtc.Ticks);
// Step 4: Write a one-byte spacer (0xfe) to the stream.
// One of the old ticket formats (Framework40) expects the unencrypted payload
// to contain 0x000000 (3 null bytes) beginning at position 9 in the stream.
// Since we're currently at offset 10 in the serialized stream, we can take
// this opportunity to purposely inject a non-null byte at this offset, which
// intentionally breaks compatibility with Framework40 mode.
// LENGTH: 1 byte
Debug.Assert(ticketBlobStream.Position == 10, "Critical that we be at position 10 in the stream at this point.");
ticketWriter.Write((byte)0xfe);
// Step 5: Write the ticket expiration date to the stream.
// We store this value as UTC ticks.
// LENGTH: 8 bytes (64-bit little endian in payload)
ticketWriter.Write(ticket.ExpirationUtc.Ticks);
// Step 6: Write the ticket persistence field to the stream.
// LENGTH: 1 byte
ticketWriter.Write(ticket.IsPersistent);
// Step 7: Write the ticket username to the stream.
// LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
ticketWriter.WriteBinaryString(ticket.Name);
// Step 8: Write the ticket custom data to the stream.
// LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
ticketWriter.WriteBinaryString(ticket.UserData);
// Step 9: Write the ticket cookie path to the stream.
// LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
ticketWriter.WriteBinaryString(ticket.CookiePath);
// Step 10: Write a one-byte footer (0xff) to the stream.
// One of the old FormsAuthenticationTicket formats (Framework20) requires
// that the payload end in 0x0000 (U+0000). By making the very last byte
// of this format non-null, we can guarantee a compatiblity break between
// this format and Framework20.
// LENGTH: 1 byte
ticketWriter.Write((byte)0xff);
// Finished.
return ticketBlobStream.ToArray();
}
}
}
// Turns a FormsAuthenticationTicket into a serialized blob.
// The resulting blob is not encrypted or signed.
public static byte[] Serialize(FormsAuthenticationTicket ticket)
{
using (MemoryStream ticketBlobStream = new MemoryStream()) {
using (SerializingBinaryWriter ticketWriter = new SerializingBinaryWriter(ticketBlobStream)) {
// SECURITY NOTE:
// Earlier versions of the serializer (Framework20 / Framework40) wrote out a
// random 8-byte header as the first part of the payload. This random header
// was used as an IV when the ticket was encrypted, since the early encryption
// routines didn't automatically append an IV when encrypting data. However,
// the MSRC 10405 (Pythia) patch causes all of our crypto routines to use an
// IV automatically, so there's no need for us to include a random IV in the
// serialized stream any longer. We can just write out only the data, and the
// crypto routines will do the right thing.
// Step 1: Write the ticket serialized format version number (currently 0x01) to the stream.
// LENGTH: 1 byte
ticketWriter.Write(CURRENT_TICKET_SERIALIZED_VERSION);
// Step 2: Write the ticket version number to the stream.
// This is the developer-specified FormsAuthenticationTicket.Version property,
// which is just ticket metadata. Technically it should be stored as a 32-bit
// integer instead of just a byte, but we have historically been storing it
// as just a single byte forever and nobody has complained.
// LENGTH: 1 byte
ticketWriter.Write((byte)ticket.Version);
// Step 3: Write the ticket issue date to the stream.
// We store this value as UTC ticks. We can't use DateTime.ToBinary() since it
// isn't compatible with .NET v1.1.
// LENGTH: 8 bytes (64-bit little-endian in payload)
ticketWriter.Write(ticket.IssueDateUtc.Ticks);
// Step 4: Write a one-byte spacer (0xfe) to the stream.
// One of the old ticket formats (Framework40) expects the unencrypted payload
// to contain 0x000000 (3 null bytes) beginning at position 9 in the stream.
// Since we're currently at offset 10 in the serialized stream, we can take
// this opportunity to purposely inject a non-null byte at this offset, which
// intentionally breaks compatibility with Framework40 mode.
// LENGTH: 1 byte
//Debug.Assert(ticketBlobStream.Position == 10, "Critical that we be at position 10 in the stream at this point.");
ticketWriter.Write((byte)0xfe);
// Step 5: Write the ticket expiration date to the stream.
// We store this value as UTC ticks.
// LENGTH: 8 bytes (64-bit little endian in payload)
ticketWriter.Write(ticket.ExpirationUtc.Ticks);
// Step 6: Write the ticket persistence field to the stream.
// LENGTH: 1 byte
ticketWriter.Write(ticket.IsPersistent);
// Step 7: Write the ticket username to the stream.
// LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
ticketWriter.WriteBinaryString(ticket.Name);
// Step 8: Write the ticket custom data to the stream.
// LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
ticketWriter.WriteBinaryString(ticket.UserData);
// Step 9: Write the ticket cookie path to the stream.
// LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
ticketWriter.WriteBinaryString(ticket.CookiePath);
// Step 10: Write a one-byte footer (0xff) to the stream.
// One of the old FormsAuthenticationTicket formats (Framework20) requires
// that the payload end in 0x0000 (U+0000). By making the very last byte
// of this format non-null, we can guarantee a compatiblity break between
// this format and Framework20.
// LENGTH: 1 byte
ticketWriter.Write((byte)0xff);
// Finished.
return(ticketBlobStream.ToArray());
}
}
}
