/// <summary>
/// Produces the serialized anti-forgery form token for the current request. The cookie token
/// sent by the client is reused when present; otherwise a new one is generated and queued on the response.
/// </summary>
/// <param name="helper">HTML helper whose view context supplies the current request, response and user.</param>
/// <param name="salt">Salt stored in the returned form token.</param>
/// <param name="domain">Value assigned to the Domain of a newly issued cookie.</param>
/// <param name="path">Path for a newly issued cookie; left at its default when null or empty.</param>
/// <returns>The serialized form token.</returns>
private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string salt, string domain, string path)
        {
            var httpContext = helper.ViewContext.HttpContext;
            string tokenCookieName = AjaxAntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);

            AjaxAntiForgeryData cookieToken;
            HttpCookie requestCookie = httpContext.Request.Cookies[tokenCookieName];
            if (requestCookie == null)
            {
                // No token cookie on the request: mint a fresh token and send it back to the client.
                cookieToken = AjaxAntiForgeryData.NewToken();

                // NOTE(review): only HttpOnly is set explicitly. The Secure flag is not set here, so over
                // plain HTTP the cookie is sent in clear unless site configuration forces it — confirm.
                HttpCookie issuedCookie = new HttpCookie(tokenCookieName, Serializer.Serialize(cookieToken))
                {
                    HttpOnly = true,
                    Domain = domain
                };
                if (!String.IsNullOrEmpty(path))
                {
                    issuedCookie.Path = path;
                }
                httpContext.Response.Cookies.Set(issuedCookie);
            }
            else
            {
                // The cookie value is client-controlled input.
                // NOTE(review): rejecting tampered or malformed values is left to Serializer.Deserialize,
                // which is not visible here; any exception it throws propagates to the caller.
                cookieToken = Serializer.Deserialize(requestCookie.Value);
            }

            // The form token starts as a copy of the cookie token, then gets the caller's salt and
            // the username derived from the current user.
            AjaxAntiForgeryData formToken = new AjaxAntiForgeryData(cookieToken)
            {
                Salt = salt,
                Username = AjaxAntiForgeryData.GetUsername(httpContext.User)
            };
            return Serializer.Serialize(formToken);
        }
        // copy constructor
        /// <summary>
        /// Creates a token carrying the same salt, value, creation date and username as <paramref name="token"/>.
        /// </summary>
        /// <param name="token">Token to copy; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        public AjaxAntiForgeryData(AjaxAntiForgeryData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // Member-wise copy; nothing is regenerated, so the copy keeps the source's Value.
            this.Salt = token.Salt;
            this.Value = token.Value;
            this.CreationDate = token.CreationDate;
            this.Username = token.Username;
        }
        /// <summary>
        /// Serializes a token by passing its salt, value, creation date and username, in that order,
        /// to <c>Formatter.Serialize</c>.
        /// </summary>
        /// <param name="token">Token to serialize; must not be null.</param>
        /// <returns>The string produced by <c>Formatter.Serialize</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        public virtual string Serialize(AjaxAntiForgeryData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            // Presumably the matching Deserialize reads these fields back by position — keep the order; confirm.
            // NOTE(review): any tamper protection or confidentiality of the result comes from Formatter,
            // which is not visible here; confirm it authenticates the payload before it is trusted again.
            return Formatter.Serialize(new object[]
            {
                token.Salt,
                token.Value,
                token.CreationDate,
                token.Username
            });
        }
 /// <summary>
 /// Reports whether the salt carried by <paramref name="token"/> equals the enclosing type's
 /// <c>Salt</c> member, using an ordinal (case-sensitive) comparison.
 /// </summary>
 /// <param name="token">Form token to check; dereferenced without a null check.</param>
 /// <returns><c>true</c> when the two salts are equal; otherwise <c>false</c>.</returns>
 private bool ValidateFormToken(AjaxAntiForgeryData token)
 {
     // Only the salt is compared here.
     // NOTE(review): value and username checks are presumably done elsewhere — confirm against the caller.
     bool saltMatches = String.Equals(Salt, token.Salt, StringComparison.Ordinal);
     return saltMatches;
 }