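/// <summary>
/// Validates the anti-forgery token pair of the current request: the token stored in the
/// anti-forgery cookie must match the token submitted by the client (header first, then
/// request data), the submitted token must carry the current principal's username, and its
/// salt must equal <paramref name="salt"/>.
/// </summary>
/// <param name="salt">Salt the submitted token is expected to carry; <c>null</c> is treated as the empty string.</param>
/// <returns>
/// <c>true</c> when every check passes; <c>false</c> when the cookie or submitted token is
/// missing, cannot be deserialized, or any of the comparisons fails.
/// </returns>
public bool Validate(string salt)
{
    var applicationPath = _fubuApplicationFiles.RootPath;
    var fieldName = _tokenProvider.GetTokenName();
    var cookieName = _tokenProvider.GetTokenName(applicationPath);

    var cookie = _cookies.Get(cookieName);
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }

    // The submitted token may travel in a header (AJAX callers) or in the general request data.
    var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
                    ?? _requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;
    if (formValue.IsEmpty())
    {
        return false;
    }

    // Both raw values are client-controlled. A token that cannot be deserialized is a failed
    // validation, not a server error; the serializer is expected to signal malformed data with
    // FubuException (the same exception GetCookieToken guards against).
    AntiForgeryData cookieToken;
    AntiForgeryData formToken;
    try
    {
        cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
        formToken = _serializer.Deserialize(formValue);
    }
    catch (FubuException)
    {
        return false;
    }

    if (cookieToken == null || formToken == null)
    {
        return false;
    }

    // The random token value must match byte-for-byte between cookie and submission.
    if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
    {
        return false;
    }

    // Usernames are compared case-insensitively, matching how the token was issued.
    var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);
    if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    return string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal);
}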
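/// <summary>
/// Validates the anti-forgery token pair of the current request: the token stored in the
/// anti-forgery cookie must match the token posted in the form, the posted token must carry
/// the current user's username, and its salt must equal <paramref name="salt"/>.
/// </summary>
/// <param name="salt">Salt the posted token is expected to carry; <c>null</c> is treated as the empty string.</param>
/// <returns>
/// <c>true</c> when every check passes; <c>false</c> when the cookie or form token is missing,
/// cannot be deserialized, or any of the comparisons fails.
/// </returns>
public bool Validate(string salt)
{
    var cookies = (HttpCookieCollection)_requestData.Value("Cookies");
    var applicationPath = (string)_requestData.Value("ApplicationPath");
    var form = (NameValueCollection)_requestData.Value("Form");

    string fieldName = _tokenProvider.GetTokenName();
    string cookieName = _tokenProvider.GetTokenName(applicationPath);

    HttpCookie cookie = cookies[cookieName];
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }

    string formValue = form[fieldName];
    if (string.IsNullOrEmpty(formValue))
    {
        return false;
    }

    // Both raw values are client-controlled. A token that cannot be deserialized is a failed
    // validation, not a server error; the serializer is expected to signal malformed data with
    // FubuException (the same exception GetCookieToken guards against).
    AntiForgeryData cookieToken;
    AntiForgeryData formToken;
    try
    {
        cookieToken = _serializer.Deserialize(cookie.Value);
        formToken = _serializer.Deserialize(formValue);
    }
    catch (FubuException)
    {
        return false;
    }

    if (cookieToken == null || formToken == null)
    {
        return false;
    }

    // The random token value must match byte-for-byte between cookie and form.
    if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
    {
        return false;
    }

    // Usernames are compared case-insensitively, matching how the token was issued.
    string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);
    if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    return string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal);
}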
/// <summary>
/// Returns the anti-forgery token held in the request's anti-forgery cookie, or a freshly
/// generated token when the cookie is absent or cannot be read.
/// </summary>
/// <returns>The deserialized cookie token, or a new token from the token provider.</returns>
public AntiForgeryData GetCookieToken()
{
    string name = _tokenProvider.GetTokenName(_fubuApplicationFiles.RootPath);
    Cookie cookie = _cookies.Get(name);
    if (cookie == null)
    {
        return _tokenProvider.GenerateToken();
    }

    AntiForgeryData stored = null;
    try
    {
        // Cookie values are URL-encoded on the way out, so decode before handing to the serializer.
        stored = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
    }
    catch (FubuException)
    {
        // Deliberate best-effort: an unreadable cookie is treated as if it were missing.
        // TODO -- log this. Need a generic tracing mechanism
    }

    return stored ?? _tokenProvider.GenerateToken();
}
/// <summary>
/// Returns the anti-forgery token held in the request's anti-forgery cookie, or a freshly
/// generated token when the cookie is absent or cannot be read.
/// </summary>
/// <returns>The deserialized cookie token, or a new token from the token provider.</returns>
public AntiForgeryData GetCookieToken()
{
    var cookies = (HttpCookieCollection)_requestData.Value("Cookies");
    var applicationPath = (string)_requestData.Value("ApplicationPath");

    HttpCookie cookie = cookies[_tokenProvider.GetTokenName(applicationPath)];
    if (cookie == null)
    {
        return _tokenProvider.GenerateToken();
    }

    AntiForgeryData stored = null;
    try
    {
        stored = _serializer.Deserialize(cookie.Value);
    }
    catch (FubuException)
    {
        // Deliberate best-effort: an unreadable cookie is treated as if it were missing.
        //TODO: Log this?
    }

    return stored ?? _tokenProvider.GenerateToken();
}