Пример #1
0
        public bool Validate(string salt)
        {
            var applicationPath = _fubuApplicationFiles.RootPath;
            var fieldName       = _tokenProvider.GetTokenName();
            var cookieName      = _tokenProvider.GetTokenName(applicationPath);

            var cookie = _cookies.Get(cookieName);

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return(false);
            }

            var cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));

            var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
                            ??
                            _requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;

            if (formValue.IsEmpty())
            {
                return(false);
            }

            var formToken = _serializer.Deserialize(formValue);

            if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                return(false);
            }

            var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);

            if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
            {
                return(false);
            }

            return(true);
        }
Пример #2
0
        public bool Validate(string salt)
        {
            var    cookies         = (HttpCookieCollection)_requestData.Value("Cookies");
            var    applicationPath = (string)_requestData.Value("ApplicationPath");
            var    form            = (NameValueCollection)_requestData.Value("Form");
            string fieldName       = _tokenProvider.GetTokenName();
            string cookieName      = _tokenProvider.GetTokenName(applicationPath);

            HttpCookie cookie = cookies[cookieName];

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return(false);
            }
            AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);

            string formValue = form[fieldName];

            if (string.IsNullOrEmpty(formValue))
            {
                return(false);
            }
            AntiForgeryData formToken = _serializer.Deserialize(formValue);

            if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                return(false);
            }

            string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);

            if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
            {
                return(false);
            }

            return(true);
        }
Пример #3
0
        public AntiForgeryData GetCookieToken()
        {
            var             applicationPath = _fubuApplicationFiles.RootPath;
            string          name            = _tokenProvider.GetTokenName(applicationPath);
            Cookie          cookie          = _cookies.Get(name);
            AntiForgeryData cookieToken     = null;

            if (cookie != null)
            {
                try
                {
                    cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
                }
                catch (FubuException)
                {
                    // TODO -- log this.  Need a generic tracing mechanism
                }
            }

            return(cookieToken ?? _tokenProvider.GenerateToken());
        }
Пример #4
0
        public AntiForgeryData GetCookieToken()
        {
            var             cookies         = (HttpCookieCollection)_requestData.Value("Cookies");
            var             applicationPath = (string)_requestData.Value("ApplicationPath");
            string          name            = _tokenProvider.GetTokenName(applicationPath);
            HttpCookie      cookie          = cookies[name];
            AntiForgeryData cookieToken     = null;

            if (cookie != null)
            {
                try
                {
                    cookieToken = _serializer.Deserialize(cookie.Value);
                }
                catch (FubuException)
                {
                    //TODO: Log this?
                }
            }

            return(cookieToken ?? _tokenProvider.GenerateToken());
        }