コード例 #1
0
        private static AntiForgeryData DecryptCookie(string value, string salt)
        {
            AntiForgeryData token = new AntiForgeryData();

            try
            {
                ObjectStateFormatter formatter = new ObjectStateFormatter();
                Triplet triplet;

                byte[] decode = MachineKey.Unprotect(Encoding.UTF8.GetBytes(value), "Authentication token");
//                var decode = MachineKey.Decode(value, MachineKeyProtection.All);
                if (decode == null)
                {
                    throw new ArgumentException("Unable to decrypt.");
                }

                using (MemoryStream stream = new MemoryStream(decode))
                {
                    triplet = (Triplet)formatter.Deserialize(stream);
                }

                return(Decrypt(value, formatter, triplet, salt, token));
            }
            catch (Exception)
            {
                throw new HttpAntiForgeryException();
            }
        }
コード例 #2
0
        private static void ValidateJsonRequestPrivate(IDictionary <string, object> data, string salt)
        {
            if (!data.ContainsKey(TokenName))
            {
                throw new HttpAntiForgeryException();
            }

            string formToken = data[TokenName] as string;

            if (Compare.IsNullOrEmpty(formToken))
            {
                throw new HttpAntiForgeryException();
            }

            HttpCookie cookie = HttpContext.Current.Request.Cookies[GetTokenName(HttpContext.Current.Request.ApplicationPath)];

            if (cookie == null)
            {
                throw new HttpAntiForgeryException();
            }

            AntiForgeryData cookieData = DecryptCookie(cookie.Value, salt);
            AntiForgeryData formData   = DecryptForm(formToken, salt);

            if (!string.Equals(cookieData.Value, formData.Value))
            {
                throw new HttpAntiForgeryException();
            }
        }
コード例 #3
0
 private static string GetDataFromCookiePrivate(HttpCookie cookie, string salt, string domain, string path)
 {
     try
     {
         AntiForgeryData data = DecryptCookie(cookie.Value, salt);
         return(data.FormToken);
     }
     catch (HttpAntiForgeryException)
     {
         return(GetDataAndSetCookie(salt, domain, path));
     }
 }
コード例 #4
0
        private static string GetDataAndSetCookiePrivate(string salt, string domain, string path)
        {
            AntiForgeryData data   = CreateEncryptedToken(salt);
            HttpCookie      cookie = new HttpCookie(GetTokenName(HttpContext.Current.Request.ApplicationPath), data.CookieValue)
            {
                HttpOnly = true, Domain = domain
            };

            if (!Compare.IsNullOrEmpty(path))
            {
                cookie.Path = path;
            }
            HttpContext.Current.Response.Cookies.Set(cookie);

            return(data.FormToken);
        }
コード例 #5
0
        private static AntiForgeryData CreateEncryptedToken(string salt)
        {
            byte[]               valueData      = new byte[0x10];
            byte[]               systemSaltData = new byte[0x5];
            AntiForgeryData      token          = new AntiForgeryData();
            Triplet              triplet        = new Triplet();
            ObjectStateFormatter formatter      = new ObjectStateFormatter();

            try
            {
                Rng.GetBytes(valueData);
                Rng.GetBytes(systemSaltData);

                triplet.First = Convert.ToBase64String(valueData);
                triplet.Third = Convert.ToBase64String(systemSaltData);

                byte[] cookieBytes;

                using (MemoryStream stream = new MemoryStream())
                {
                    formatter.Serialize(stream, triplet);
                    cookieBytes = stream.ToArray();
                }

                token.CookieValue = MachineKey.Protect(cookieBytes, "Authentication token").ToHexString();
//                token.CookieValue = MachineKey.Encode(cookieBytes, MachineKeyProtection.All);

                Rng.GetBytes(systemSaltData);

                triplet.Second = salt;
                triplet.Third  = Convert.ToBase64String(systemSaltData);

                token.FormToken = MachineKey.Protect(Encoding.UTF8.GetBytes(formatter.Serialize(triplet)), "Authentication token").ToHexString();
//                token.FormToken = MachineKey.Encode(Encoding.UTF8.GetBytes(formatter.Serialize(triplet)), MachineKeyProtection.All);
                token.Value = (string)triplet.First;

                return(token);
            }
            catch (Exception)
            {
                throw new HttpAntiForgeryException();
            }
        }
コード例 #6
0
        private static AntiForgeryData Decrypt(string value, ObjectStateFormatter formatter, Triplet triplet, string salt, AntiForgeryData token)
        {
            byte[] systemSalt = new byte[0x5];
            Rng.GetBytes(systemSalt);

            triplet.Second = salt;
            triplet.Third  = Convert.ToBase64String(systemSalt);

            token.Value       = (string)triplet.First;
            token.CookieValue = value;
            token.FormToken   = MachineKey.Protect(Encoding.UTF8.GetBytes(formatter.Serialize(triplet)), "Authentication token").ToHexString();
//            token.FormToken = MachineKey.Encode(Encoding.UTF8.GetBytes(formatter.Serialize(triplet)), MachineKeyProtection.All);

            return(token);
        }