public virtual CustomAntiForgeryData Deserialize(string serializedToken)
{
if (string.IsNullOrEmpty(serializedToken))
{
throw new ArgumentException(CustomAntiForgeryResources.Common_NullOrEmpty, "serializedToken");
}
IStateFormatter formatter = this.Formatter;
CustomAntiForgeryData result;
try
{
object[] array = (object[])formatter.Deserialize(serializedToken);
result = new CustomAntiForgeryData
{
Salt = (string)array[0],
Value = (string)array[1],
CreationDate = (DateTime)array[2],
Username = (string)array[3]
};
}
catch (Exception innerException)
{
if (CustomAntiForgeryConfig.DebugMode)
{
CM.Web.AntiForgery.Custom.Logger.Exception(CustomAntiForgeryDataSerializer_.CreateValidationException(innerException));
result = null;
}
else
{
throw CustomAntiForgeryDataSerializer_.CreateValidationException(innerException);
}
}
return(result);
}
internal static string GetAntiForgeryTokenName(string appPath)
{
if (string.IsNullOrEmpty(appPath))
{
return("__RequestVerificationToken");
}
return("__RequestVerificationToken_" + CustomAntiForgeryData.Base64EncodeForCookieName(appPath));
}
public static CustomAntiForgeryData NewToken()
{
string value = CustomAntiForgeryData.GenerateRandomTokenString();
return(new CustomAntiForgeryData
{
Value = value
});
}
public HtmlString GetHtml(HttpContextBase httpContext, string salt, string domain, string path)
{
string antiForgeryTokenAndSetCookie = this.GetCustomAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path);
string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(null);
TagBuilder tagBuilder = new TagBuilder("input");
tagBuilder.Attributes["type"] = "hidden";
tagBuilder.Attributes["name"] = antiForgeryTokenName;
tagBuilder.Attributes["value"] = antiForgeryTokenAndSetCookie;
return(new HtmlString(tagBuilder.ToString(TagRenderMode.SelfClosing)));
}
public CustomAntiForgeryData(CustomAntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
this.CreationDate = token.CreationDate;
this.Salt = token.Salt;
this.Username = token.Username;
this.Value = token.Value;
}
public void Validate(HttpContextBase context, string salt)
{
string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(null);
string antiForgeryTokenName2 = CustomAntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
HttpCookie httpCookie = context.Request.Cookies[antiForgeryTokenName2];
if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
string text = context.Request.Form[antiForgeryTokenName];
if (string.IsNullOrEmpty(text))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
CustomAntiForgeryData antiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
CustomAntiForgeryData antiForgeryData2 = this.Serializer.Deserialize(text);
if (antiForgeryData == null || antiForgeryData2 == null)
{
ThrowValidationException();
return;
}
if (!string.Equals(antiForgeryData.Value, antiForgeryData2.Value, StringComparison.Ordinal))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
string username = CustomAntiForgeryData.GetUsername(context.User);
if (!string.Equals(antiForgeryData2.Username, username, StringComparison.OrdinalIgnoreCase))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
if (!string.Equals(salt ?? string.Empty, antiForgeryData2.Salt, StringComparison.Ordinal))
{
//throw CustomAntiForgeryWorker.CreateValidationException();
ThrowValidationException();
return;
}
}
public virtual string Serialize(CustomAntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
object[] state = new object[]
{
token.Salt,
token.Value,
token.CreationDate,
token.Username
};
return(this.Formatter.Serialize(state));
}
public virtual string Serialize(CustomAntiForgeryData token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
string result;
using (MemoryStream memoryStream = new MemoryStream())
{
using (BinaryWriter binaryWriter = new BinaryWriter(memoryStream))
{
binaryWriter.Write(token.Salt);
binaryWriter.Write(token.Value);
binaryWriter.Write(token.CreationDate.Ticks);
binaryWriter.Write(token.Username);
result = this.Encoder(memoryStream.ToArray());
}
}
return(result);
}
private string GetCustomAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path)
{
string antiForgeryTokenName = CustomAntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
CustomAntiForgeryData antiForgeryData = null;
HttpCookie httpCookie = httpContext.Request.Cookies[antiForgeryTokenName];
if (httpCookie != null)
{
try
{
antiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
}
catch (Exception ex)
{
CM.Web.AntiForgery.Custom.Logger.Exception(ex);
}
}
if (antiForgeryData == null)
{
antiForgeryData = CustomAntiForgeryData.NewToken();
string value = this.Serializer.Serialize(antiForgeryData);
HttpCookie httpCookie2 = new HttpCookie(antiForgeryTokenName, value)
{
HttpOnly = true,
Domain = domain
};
if (!string.IsNullOrEmpty(path))
{
httpCookie2.Path = path;
}
httpContext.Response.Cookies.Set(httpCookie2);
}
CustomAntiForgeryData token = new CustomAntiForgeryData(antiForgeryData)
{
Salt = salt,
Username = CustomAntiForgeryData.GetUsername(httpContext.User)
};
return(this.Serializer.Serialize(token));
}
public virtual CustomAntiForgeryData Deserialize(string serializedToken)
{
if (string.IsNullOrEmpty(serializedToken))
{
throw new ArgumentException(CustomAntiForgeryResources.Common_NullOrEmpty, "serializedToken");
}
CustomAntiForgeryData result;
try
{
using (MemoryStream memoryStream = new MemoryStream(this.Decoder(serializedToken)))
{
using (BinaryReader binaryReader = new BinaryReader(memoryStream))
{
result = new CustomAntiForgeryData
{
Salt = binaryReader.ReadString(),
Value = binaryReader.ReadString(),
CreationDate = new DateTime(binaryReader.ReadInt64()),
Username = binaryReader.ReadString()
};
}
}
}
catch (Exception innerException)
{
if (CustomAntiForgeryConfig.DebugMode)
{
CM.Web.AntiForgery.Custom.Logger.Exception(CustomAntiForgeryDataSerializer.CreateValidationException(innerException));
result = null;
}
else
{
throw CustomAntiForgeryDataSerializer.CreateValidationException(innerException);
}
}
return(result);
}
