/// <summary>
/// Produces the deserialized cookie and request tokens for <paramref name="httpContext"/>,
/// reusing any result already stored on the antiforgery feature returned by
/// <c>GetAntiforgeryFeature</c>.
/// </summary>
/// <param name="httpContext">Context used to look up the antiforgery feature that holds the cache.</param>
/// <param name="antiforgeryTokenSet">Serialized cookie and request tokens; each is read only on a cache miss.</param>
/// <param name="cookieToken">Receives the deserialized cookie token.</param>
/// <param name="requestToken">Receives the deserialized request token.</param>
/// <remarks>
/// The cache is keyed only by the two "have deserialized" flags. Once a flag is set, the
/// matching string in <paramref name="antiforgeryTokenSet"/> is ignored, so every call made
/// with the same context must carry the same token set or a stale token will be returned.
/// Anything thrown by <c>_tokenSerializer.Deserialize</c> propagates before the flag is set,
/// so a failed deserialization is not cached.
/// </remarks>
private void DeserializeTokens(
    HttpContext httpContext,
    AntiforgeryTokenSet antiforgeryTokenSet,
    out AntiforgeryToken cookieToken,
    out AntiforgeryToken requestToken)
{
    var feature = GetAntiforgeryFeature(httpContext);

    // Cookie token: deserialize on first use, otherwise hand back the cached instance.
    if (!feature.HaveDeserializedCookieToken)
    {
        cookieToken = _tokenSerializer.Deserialize(antiforgeryTokenSet.CookieToken);
        feature.CookieToken = cookieToken;
        feature.HaveDeserializedCookieToken = true;
    }
    else
    {
        cookieToken = feature.CookieToken;
    }

    // Request token: same scheme, tracked by its own flag.
    if (!feature.HaveDeserializedRequestToken)
    {
        requestToken = _tokenSerializer.Deserialize(antiforgeryTokenSet.RequestToken);
        feature.RequestToken = requestToken;
        feature.HaveDeserializedRequestToken = true;
    }
    else
    {
        requestToken = feature.RequestToken;
    }
}
/// <summary>
/// Deserializes the cookie and request tokens in <paramref name="antiforgeryTokenSet"/> and
/// validates them as a pair, throwing when validation fails.
/// </summary>
/// <param name="httpContext">Context passed through to deserialization and to the token generator.</param>
/// <param name="antiforgeryTokenSet">Serialized tokens; both are expected to be non-empty.</param>
/// <exception cref="AntiforgeryValidationException">
/// Thrown with the generator's message when <c>TryValidateTokenSet</c> returns false.
/// </exception>
private void ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
{
    // Debug.Assert is compiled out of non-DEBUG builds, so these two lines are not a
    // runtime guard: callers must reject a missing cookie or request token before calling.
    Debug.Assert(!string.IsNullOrEmpty(antiforgeryTokenSet.CookieToken));
    Debug.Assert(!string.IsNullOrEmpty(antiforgeryTokenSet.RequestToken));

    // Turn the serialized strings into token objects (may come from the per-context cache).
    AntiforgeryToken cookie;
    AntiforgeryToken request;
    DeserializeTokens(httpContext, antiforgeryTokenSet, out cookie, out request);

    // Check the pair; a false result always ends in an exception, never a silent return.
    string failureMessage;
    var isValid = _tokenGenerator.TryValidateTokenSet(
        httpContext,
        cookie,
        request,
        out failureMessage);

    if (isValid)
    {
        return;
    }

    throw new AntiforgeryValidationException(failureMessage);
}
/// <summary>
/// Non-throwing wrapper around <c>DeserializeTokens</c> for the
/// <see cref="AntiforgeryValidationException"/> case.
/// </summary>
/// <param name="httpContext">Context passed through to <c>DeserializeTokens</c>.</param>
/// <param name="antiforgeryTokenSet">Serialized cookie and request tokens.</param>
/// <param name="cookieToken">Deserialized cookie token on success; null on failure.</param>
/// <param name="requestToken">Deserialized request token on success; null on failure.</param>
/// <returns>True when both tokens were produced; false when deserialization was rejected.</returns>
/// <remarks>
/// Only <see cref="AntiforgeryValidationException"/> is caught; any other exception still
/// propagates. On failure both out values are null, so callers have to check the return
/// value and treat false as a failed validation rather than use the tokens.
/// </remarks>
private bool TryDeserializeTokens(
    HttpContext httpContext,
    AntiforgeryTokenSet antiforgeryTokenSet,
    out AntiforgeryToken cookieToken,
    out AntiforgeryToken requestToken)
{
    bool succeeded;

    try
    {
        DeserializeTokens(httpContext, antiforgeryTokenSet, out cookieToken, out requestToken);
        succeeded = true;
    }
    catch (AntiforgeryValidationException failure)
    {
        // Record the rejection in the log; the exception itself is not surfaced to the caller.
        _logger.FailedToDeserialzeTokens(failure);

        // Clear both outputs so a partially deserialized pair is never handed back.
        cookieToken = null;
        requestToken = null;
        succeeded = false;
    }

    return succeeded;
}