private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string salt, string domain, string path)
{
string cookieName = AjaxAntiForgeryData.GetAntiForgeryTokenName(helper.ViewContext.HttpContext.Request.ApplicationPath);
AjaxAntiForgeryData cookieToken;
HttpCookie cookie = helper.ViewContext.HttpContext.Request.Cookies[cookieName];
if (cookie != null)
{
cookieToken = Serializer.Deserialize(cookie.Value);
}
else
{
cookieToken = AjaxAntiForgeryData.NewToken();
string cookieValue = Serializer.Serialize(cookieToken);
HttpCookie newCookie = new HttpCookie(cookieName, cookieValue) { HttpOnly = true, Domain = domain };
if (!String.IsNullOrEmpty(path))
{
newCookie.Path = path;
}
helper.ViewContext.HttpContext.Response.Cookies.Set(newCookie);
}
AjaxAntiForgeryData formToken = new AjaxAntiForgeryData(cookieToken)
{
Salt = salt,
Username = AjaxAntiForgeryData.GetUsername(helper.ViewContext.HttpContext.User)
};
string formValue = Serializer.Serialize(formToken);
return formValue;
}
// copy constructor
public AjaxAntiForgeryData(AjaxAntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
CreationDate = token.CreationDate;
Salt = token.Salt;
Username = token.Username;
Value = token.Value;
}
public virtual string Serialize(AjaxAntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
object[] objToSerialize = new object[] {
token.Salt,
token.Value,
token.CreationDate,
token.Username
};
string serializedValue = Formatter.Serialize(objToSerialize);
return serializedValue;
}
private bool ValidateFormToken(AjaxAntiForgeryData token)
{
return (String.Equals(Salt, token.Salt, StringComparison.Ordinal));
}
