/// <summary>
/// Returns the serialized form half of an anti-forgery token pair, issuing the cookie half
/// on the response when the request did not already carry one.
/// </summary>
/// <param name="helper">The view's <see cref="HtmlHelper"/>; supplies the current HTTP context.</param>
/// <param name="salt">Salt stamped into the form token.</param>
/// <param name="domain">Domain assigned to a newly issued cookie.</param>
/// <param name="path">Path assigned to a newly issued cookie; ignored when null or empty.</param>
/// <returns>The serialized form token.</returns>
private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string salt, string domain, string path)
{
    var context = helper.ViewContext.HttpContext;
    string cookieName = AjaxAntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
    HttpCookie existing = context.Request.Cookies[cookieName];

    AjaxAntiForgeryData cookieToken;
    if (existing == null)
    {
        // No cookie half yet: mint one and push it to the client.
        cookieToken = AjaxAntiForgeryData.NewToken();
        HttpCookie issued = new HttpCookie(cookieName, Serializer.Serialize(cookieToken))
        {
            HttpOnly = true,
            Domain = domain,
        };
        if (!string.IsNullOrEmpty(path))
        {
            issued.Path = path;
        }
        // NOTE(review): Secure is never set here, so the cookie is also transmitted over plain HTTP.
        context.Response.Cookies.Set(issued);
    }
    else
    {
        // The cookie value is client-supplied; Serializer.Deserialize is relied on to reject
        // tampered input (its failure mode is not visible from this method).
        cookieToken = Serializer.Deserialize(existing.Value);
    }

    // The form half is a copy of the cookie half with the salt and current user stamped on top.
    AjaxAntiForgeryData formToken = new AjaxAntiForgeryData(cookieToken)
    {
        Salt = salt,
        Username = AjaxAntiForgeryData.GetUsername(context.User),
    };
    return Serializer.Serialize(formToken);
}
/// <summary>
/// Copy constructor: clones every field of <paramref name="token"/> into the new instance.
/// </summary>
/// <param name="token">Source token; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
public AjaxAntiForgeryData(AjaxAntiForgeryData token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Plain field-by-field copy; the cookie-to-form conversion overrides Salt and Username
    // afterwards through an object initializer.
    Value = token.Value;
    Username = token.Username;
    Salt = token.Salt;
    CreationDate = token.CreationDate;
}
/// <summary>
/// Serializes a token as the ordered tuple (Salt, Value, CreationDate, Username) through <c>Formatter</c>.
/// </summary>
/// <param name="token">Token to serialize; must not be null.</param>
/// <returns>The formatter's string representation of the token fields.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
public virtual string Serialize(AjaxAntiForgeryData token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Field order is part of the wire format; the matching Deserialize (not shown here)
    // must read the elements back in this same order.
    object[] fields =
    {
        token.Salt,
        token.Value,
        token.CreationDate,
        token.Username,
    };
    return Formatter.Serialize(fields);
}
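/// <summary>
/// Checks that the form token carries the salt this validator was configured with.
/// </summary>
/// <param name="token">Form-side token to check; must not be null.</param>
/// <returns>True when <paramref name="token"/>.Salt is ordinally equal to <c>Salt</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
private bool ValidateFormToken(AjaxAntiForgeryData token)
{
    // Consistent with the copy constructor and Serialize: fail with a clear argument error
    // rather than a NullReferenceException on token.Salt.
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Only the salt is compared here. Matching the form token's Value/Username against the
    // cookie token is not done in this method — NOTE(review): confirm the caller performs it.
    return String.Equals(Salt, token.Salt, StringComparison.Ordinal);
}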