/// <summary>
/// Renders the hidden anti-forgery form field for the current request. The form token comes
/// from <see cref="GetCustomAntiForgeryTokenAndSetCookie"/>, which also makes sure the
/// companion anti-forgery cookie is present on the response.
/// </summary>
/// <param name="httpContext">Context of the current request; supplies the request cookies and user.</param>
/// <param name="salt">Optional per-form salt folded into the form token; the same value must be passed to <see cref="Validate"/>.</param>
/// <param name="domain">Domain applied to the anti-forgery cookie when a new one is issued.</param>
/// <param name="path">Path applied to the anti-forgery cookie when a new one is issued; ignored when null or empty.</param>
/// <returns>A self-closing <c>&lt;input type="hidden"&gt;</c> element carrying the serialized form token.</returns>
public HtmlString GetHtml(HttpContextBase httpContext, string salt, string domain, string path)
{
    // Issue (or reuse) the cookie half first; the returned string is the serialized form half.
    string formToken = this.GetCustomAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path);
    // The form field uses the un-suffixed token name (null application path), matching Validate.
    string fieldName = CustomAntiForgeryData.GetAntiForgeryTokenName(null);

    var inputTag = new TagBuilder("input");
    var attributes = inputTag.Attributes;
    attributes["type"] = "hidden";
    attributes["name"] = fieldName;
    attributes["value"] = formToken; // TagBuilder is expected to attribute-encode this at render time

    string markup = inputTag.ToString(TagRenderMode.SelfClosing);
    return new HtmlString(markup);
}
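/// <summary>
/// Validates the anti-forgery pair for the current request: the cookie token and the form
/// token must both be present and readable, carry the same value, and the form token must be
/// bound to the current user and to <paramref name="salt"/>. Every failure is reported through
/// <c>ThrowValidationException()</c> (defined elsewhere in this class); nothing is returned on success.
/// </summary>
/// <param name="context">Context of the request being validated (cookies, form, user).</param>
/// <param name="salt">Salt the form was rendered with; null is treated as the empty string.</param>
public void Validate(HttpContextBase context, string salt)
{
    string fieldName = CustomAntiForgeryData.GetAntiForgeryTokenName(null);
    string cookieName = CustomAntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);

    // ThrowValidationException() is expected to throw; the explicit returns make sure the
    // remaining checks are skipped even if it ever returns normally.
    HttpCookie cookie = context.Request.Cookies[cookieName];
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        ThrowValidationException();
        return;
    }

    string formValue = context.Request.Form[fieldName];
    if (string.IsNullOrEmpty(formValue))
    {
        ThrowValidationException();
        return;
    }

    // Both halves are client-supplied input. A token that cannot be deserialized is a
    // validation failure, not an unhandled server error; this mirrors how
    // GetCustomAntiForgeryTokenAndSetCookie treats a deserialization exception as "no usable token".
    CustomAntiForgeryData cookieToken = DeserializeOrNull(cookie.Value);
    CustomAntiForgeryData formToken = DeserializeOrNull(formValue);
    if (cookieToken == null || formToken == null)
    {
        ThrowValidationException();
        return;
    }

    // The two halves must carry the same value (ordinal comparison; not constant-time).
    if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
    {
        ThrowValidationException();
        return;
    }

    // The form token is bound to the user it was rendered for.
    string currentUser = CustomAntiForgeryData.GetUsername(context.User);
    if (!string.Equals(formToken.Username, currentUser, StringComparison.OrdinalIgnoreCase))
    {
        ThrowValidationException();
        return;
    }

    // ...and to the salt the page supplied when rendering.
    if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
    {
        ThrowValidationException();
        return;
    }
}

/// <summary>
/// Deserializes a token with <see cref="Serializer"/>, returning null instead of propagating
/// an exception so that malformed client input is handled as a validation failure. The
/// exception is logged the same way GetCustomAntiForgeryTokenAndSetCookie logs it.
/// </summary>
/// <param name="serialized">Serialized token text from the cookie or the form.</param>
/// <returns>The deserialized token, or null when deserialization throws.</returns>
private CustomAntiForgeryData DeserializeOrNull(string serialized)
{
    try
    {
        return this.Serializer.Deserialize(serialized);
    }
    catch (Exception ex)
    {
        CM.Web.AntiForgery.Custom.Logger.Exception(ex);
        return null;
    }
}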
/// <summary>
/// Returns the serialized form token for this request and makes sure the companion
/// anti-forgery cookie exists. An existing, readable cookie is reused; otherwise a fresh
/// token is generated and written to the response as an HttpOnly cookie.
/// </summary>
/// <param name="httpContext">Context of the current request (request cookies, user, response).</param>
/// <param name="salt">Salt stored in the form token; may be null.</param>
/// <param name="domain">Domain applied to a newly issued cookie.</param>
/// <param name="path">Path applied to a newly issued cookie; left at the default when null or empty.</param>
/// <returns>The serialized form token, built from the cookie token plus the salt and current username.</returns>
private string GetCustomAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path)
{
    // The cookie name is derived from the application path, unlike the form field name.
    string cookieName = CustomAntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);

    CustomAntiForgeryData cookieToken = null;
    HttpCookie existing = httpContext.Request.Cookies[cookieName];
    if (existing != null)
    {
        // Best effort: an unreadable cookie is logged and treated as absent, so a new one is issued below.
        try
        {
            cookieToken = this.Serializer.Deserialize(existing.Value);
        }
        catch (Exception ex)
        {
            CM.Web.AntiForgery.Custom.Logger.Exception(ex);
        }
    }

    if (cookieToken == null)
    {
        cookieToken = CustomAntiForgeryData.NewToken();
        var issued = new HttpCookie(cookieName, this.Serializer.Serialize(cookieToken))
        {
            HttpOnly = true,
            Domain = domain,
        };
        // NOTE(review): Secure is not set, so the cookie is also sent over plain HTTP — confirm this is intended.
        if (!string.IsNullOrEmpty(path))
        {
            issued.Path = path;
        }
        httpContext.Response.Cookies.Set(issued);
    }

    // The form half is copied from the cookie token (presumably sharing its Value, which
    // Validate compares) and additionally bound to the salt and the current user.
    var formToken = new CustomAntiForgeryData(cookieToken)
    {
        Salt = salt,
        Username = CustomAntiForgeryData.GetUsername(httpContext.User),
    };
    return this.Serializer.Serialize(formToken);
}