Пример #1
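        /// <summary>
        /// Issues a fresh anti-XSRF token, stores it in <c>_antiXsrfTokenValue</c> and sends it to
        /// the browser in a non-persistent, HttpOnly cookie named <c>AntiXsrfTokenKey</c>.
        /// </summary>
        /// <returns>The newly generated token: 32 lowercase hexadecimal characters.</returns>
        private string CreateAntiForgeryToken()
        {
            // Draw the token from the platform CSPRNG. Guid.NewGuid() is specified to be unique,
            // not unpredictable, and a CSRF token is only useful if it cannot be guessed.
            var tokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }

            // Keep the shape of the former Guid "N" format (32 lowercase hex digits) so anything
            // that stores or compares the token sees the same length and alphabet.
            _antiXsrfTokenValue = BitConverter.ToString(tokenBytes).Replace("-", string.Empty).ToLowerInvariant();

            // NOTE(review): the stock template also assigns the token to Page.ViewStateUserKey so
            // the framework validates it on each request. That binding is not applied here, so the
            // submitted token must be compared with the cookie by other code - confirm it is.
            //Page.ViewStateUserKey = _antiXsrfTokenValue;

            // Create the non-persistent CSRF cookie (no Expires, so it ends with the browser session).
            var responseCookie = new HttpCookie(AntiXsrfTokenKey)
            {
                // HttpOnly keeps client-side script from reading the token.
                HttpOnly = true,

                // The cookie value is the token itself.
                Value = _antiXsrfTokenValue
            };

            // Mark the cookie Secure when the site requires SSL and this request arrived over TLS,
            // so the token is never sent over plain HTTP. Behind a TLS-terminating proxy
            // IsSecureConnection can be false; the cookie then stays non-secure, as it always was.
            // NOTE(review): assumes RockPage.AddOrUpdateCookie preserves the Secure flag - confirm.
            var currentContext = System.Web.HttpContext.Current;
            if (System.Web.Security.FormsAuthentication.RequireSSL
                && currentContext != null
                && currentContext.Request.IsSecureConnection)
            {
                responseCookie.Secure = true;
            }

            // Add the CSRF cookie to the response.
            RockPage.AddOrUpdateCookie(responseCookie);

            return _antiXsrfTokenValue;
        }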
Пример #2
        /// <summary>
        /// Saves to cookie.
        /// The cookie value is now encrypted; see Asana REF# 20210224-MSB1 for details.
        /// </summary>
        public void SaveToCookie()
        {
            // Serialize without indentation, then encrypt, so the device configuration is not
            // stored in the browser as readable JSON.
            var compactJson = this.ToJson(indentOutput: false);
            var cipherText = Encryption.EncryptString(compactJson);

            // Persistent cookie: it expires one year after the current Rock time.
            // NOTE(review): whether this AddOrUpdateCookie overload sets HttpOnly/Secure is not
            // visible here - confirm, since the cookie lives for a year.
            var expiresOn = RockDateTime.Now.AddYears(1);

            RockPage.AddOrUpdateCookie(CheckInCookieKey.LocalDeviceConfig, cipherText, expiresOn);
        }