public FormToken GetFormToken(AntiForgeryData token, string salt)
{
var formToken = new AntiForgeryData(token)
{
Salt = salt,
Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser)
};
string tokenString = _serializer.Serialize(formToken);
return(new FormToken
{
Name = _tokenProvider.GetTokenName(),
TokenString = tokenString
});
}
public bool Validate(string salt)
{
var applicationPath = _fubuApplicationFiles.RootPath;
var fieldName = _tokenProvider.GetTokenName();
var cookieName = _tokenProvider.GetTokenName(applicationPath);
var cookie = _cookies.Get(cookieName);
if (cookie == null || string.IsNullOrEmpty(cookie.Value))
{
return(false);
}
var cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
??
_requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;
if (formValue.IsEmpty())
{
return(false);
}
var formToken = _serializer.Deserialize(formValue);
if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
{
return(false);
}
var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);
if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
{
return(false);
}
return(true);
}
public bool Validate(string salt)
{
var cookies = (HttpCookieCollection)_requestData.Value("Cookies");
var applicationPath = (string)_requestData.Value("ApplicationPath");
var form = (NameValueCollection)_requestData.Value("Form");
string fieldName = _tokenProvider.GetTokenName();
string cookieName = _tokenProvider.GetTokenName(applicationPath);
HttpCookie cookie = cookies[cookieName];
if (cookie == null || string.IsNullOrEmpty(cookie.Value))
{
return(false);
}
AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);
string formValue = form[fieldName];
if (string.IsNullOrEmpty(formValue))
{
return(false);
}
AntiForgeryData formToken = _serializer.Deserialize(formValue);
if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
{
return(false);
}
string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);
if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
{
return(false);
}
return(true);
}