/// <summary>
/// Deserializes anti-forgery data from its binary representation.
/// </summary>
/// <param name="serializedTicket">
/// Buffer holding, in order: a format byte (must be 1), the salt, the value,
/// the creation date as ticks, and the user name.
/// </param>
/// <returns>
/// The parsed <see cref="AntiForgeryData"/>, or <c>null</c> when the format byte
/// is not 1 or anything throws while reading (a null buffer included).
/// </returns>
/// <remarks>
/// Nothing in this method authenticates the buffer, and bytes left over after
/// the user name are not rejected, so the result is only as trustworthy as the
/// validation the caller applied to the bytes beforehand.
/// </remarks>
internal static AntiForgeryData Deserializer(byte[] serializedTicket)
{
    try
    {
        using (MemoryStream input = new MemoryStream(serializedTicket))
        using (SerializingBinaryReader reader = new SerializingBinaryReader(input))
        {
            // Only format version 1 is understood.
            if (reader.ReadByte() != 1)
            {
                return null;
            }

            // Assignment order is the wire order; do not reorder these reads.
            AntiForgeryData parsed = new AntiForgeryData();
            parsed.Salt = reader.ReadBinaryString();
            parsed.Value = reader.ReadBinaryString();
            parsed.CreationDate = new DateTime(reader.ReadInt64());
            parsed.Username = reader.ReadBinaryString();
            return parsed;
        }
    }
    catch
    {
        // Any parsing failure is reported to the caller as "no data".
        return null;
    }
}
/// <summary>
/// Rebuilds a <see cref="FormsAuthenticationTicket"/> from its serialized bytes.
/// </summary>
/// <param name="serializedTicket">Buffer that starts with the ticket payload.</param>
/// <param name="serializedTicketLength">
/// Payload length in bytes; parsing must end exactly at this offset or the
/// ticket is rejected.
/// </param>
/// <returns>The ticket, or <c>null</c> when a marker byte is wrong, the length does not match, or any read throws.</returns>
/// <remarks>
/// Issue and expiration dates are read as 32-bit values and converted with
/// <c>DateTimeExtend.FromUnixTime</c>. The persistence byte is not validated:
/// 1 means persistent, every other value is taken as non-persistent.
/// The method performs no signature check and does not look at expiration;
/// both remain the caller's responsibility.
/// </remarks>
public static FormsAuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream payload = new MemoryStream(serializedTicket))
        using (SerializingBinaryReader input = new SerializingBinaryReader(payload))
        {
            // Serialized-format marker.
            if (input.ReadByte() != 1)
            {
                return null;
            }

            int ticketVersion = input.ReadByte();
            DateTime issued = DateTimeExtend.FromUnixTime(input.ReadInt32());
            DateTime expires = DateTimeExtend.FromUnixTime(input.ReadInt32());
            bool persistent = input.ReadByte() == 1;

            // Spacer between the fixed-size header and the strings.
            if (input.ReadByte() != 0xfe)
            {
                return null;
            }

            string userName = input.ReadBinaryString();
            string customData = input.ReadBinaryString();
            string path = input.ReadBinaryString();

            // Footer marker, then the payload must be fully consumed.
            if (input.ReadByte() != 0xff)
            {
                return null;
            }

            if (payload.Position != serializedTicketLength)
            {
                return null;
            }

            return new FormsAuthenticationTicket(ticketVersion, userName, issued, expires, persistent, customData, path);
        }
    }
    catch
    {
        // A ticket that cannot be parsed is treated as invalid.
        return null;
    }
}
/// <summary>
/// Parses a serialized forms-authentication ticket into a
/// <see cref="FormsAuthenticationCookie"/>.
/// </summary>
/// <param name="data">Serialized ticket bytes.</param>
/// <returns>A cookie object populated from the ticket fields.</returns>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The format byte, the spacer or the footer does not have the expected value.
/// </exception>
/// <remarks>
/// Exceptions raised by the reader itself (for example on a truncated buffer)
/// are not caught here. The method neither authenticates the bytes nor checks
/// that the footer is the last byte of <paramref name="data"/>, and the
/// persistence byte is not validated (1 is persistent, anything else is not).
/// </remarks>
private FormsAuthenticationCookie ConvertToAuthenticationTicket(byte[] data)
{
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    using (var blob = new MemoryStream(data))
    using (SerializingBinaryReader input = new SerializingBinaryReader(blob))
    {
        // Serialized-format marker.
        if (input.ReadByte() != 0x01)
        {
            throw new ArgumentException("The data is not in the correct format, first byte must be 0x01.", nameof(data));
        }

        byte version = input.ReadByte();

        // The issue date is materialized before the spacer is examined, as in the wire order.
        long issuedTicks = input.ReadInt64();
        DateTime issuedUtc = new DateTime(issuedTicks, DateTimeKind.Utc);

        if (input.ReadByte() != 0xFE)
        {
            throw new ArgumentException("The data is not in the correct format, tenth byte must be 0xFE.", nameof(data));
        }

        long expiresTicks = input.ReadInt64();
        DateTime expiresUtc = new DateTime(expiresTicks, DateTimeKind.Utc);

        bool persistent = input.ReadByte() == 1;
        string userName = input.ReadBinaryString();
        string userData = input.ReadBinaryString();
        string cookiePath = input.ReadBinaryString();

        if (input.ReadByte() != 0xFF)
        {
            throw new ArgumentException("The data is not in the correct format, footer byte must be 0xFF.", nameof(data));
        }

        // Populate the cookie in the same order as the original initializer.
        FormsAuthenticationCookie cookie = new FormsAuthenticationCookie();
        cookie.Version = version;
        cookie.UserName = userName;
        cookie.UserData = userData;
        cookie.CookiePath = cookiePath;
        cookie.IsPersistent = persistent;
        cookie.IssuedUtc = issuedUtc;
        cookie.ExpiresUtc = expiresUtc;
        return cookie;
    }
}
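/// <summary>
/// Rebuilds an <see cref="AuthenticationTicket"/> from its serialized bytes.
/// </summary>
/// <param name="serializedTicket">Buffer that starts with the ticket payload and may hold further bytes after it.</param>
/// <param name="serializedTicketLength">
/// Payload length in bytes; parsing must end exactly at this offset or the
/// ticket is rejected.
/// </param>
/// <returns>The ticket, or <c>null</c> when a marker, a length or any read is invalid.</returns>
/// <remarks>
/// This method performs no signature check and does not look at expiration;
/// the ticket it returns is only as trustworthy as the validation the caller
/// applied to the bytes before calling it.
/// </remarks>
public static AuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream payload = new MemoryStream(serializedTicket))
        using (SerializingBinaryReader reader = new SerializingBinaryReader((Stream)payload))
        {
            // Serialized-format marker.
            if (reader.ReadByte() != 1)
            {
                return null;
            }

            int version = reader.ReadByte();
            DateTime issueDateUtc = new DateTime(reader.ReadInt64(), DateTimeKind.Utc);

            // Spacer between issue date and expiration date.
            if (reader.ReadByte() != 254)
            {
                return null;
            }

            DateTime expirationUtc = new DateTime(reader.ReadInt64(), DateTimeKind.Utc);
            string name = reader.ReadBinaryString();

            // The length prefix comes straight from the ticket bytes. Refuse a value
            // that is negative or exceeds what is left in the buffer before asking
            // the reader for that many bytes; presumably ReadBytes sizes its buffer
            // from this number, so an unchecked value lets the input choose the
            // allocation size. Such a ticket could not parse successfully anyway,
            // because nothing would remain for the footer byte.
            int userDataLength = reader.ReadInt32();
            long remaining = payload.Length - payload.Position;
            if (userDataLength < 0 || userDataLength > remaining)
            {
                return null;
            }

            byte[] userBinary = reader.ReadBytes(userDataLength);

            // NOTE(review): BinaryDeserialize<T> is defined outside this listing. If it
            // wraps a general-purpose object deserializer such as BinaryFormatter, these
            // bytes must never reach it before the caller has verified the ticket's
            // integrity - confirm against the helper and the call sites.
            User user;
            try
            {
                user = userBinary.BinaryDeserialize<User>();
            }
            catch
            {
                return null;
            }

            // Footer marker, then the payload must be fully consumed.
            if (reader.ReadByte() != byte.MaxValue || payload.Position != serializedTicketLength)
            {
                return null;
            }

            return new AuthenticationTicket(name, version, issueDateUtc, expirationUtc, user);
        }
    }
    catch
    {
        // A ticket that cannot be parsed is treated as invalid.
        return null;
    }
}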
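/// <summary>
/// Parses a serialized <see cref="AuthenticationTicket"/>.
/// </summary>
/// <param name="serializedTicket">Array whose leading bytes are the ticket payload.</param>
/// <param name="serializedTicketLength">
/// Number of payload bytes; the footer must be the last of them, otherwise the
/// ticket is rejected.
/// </param>
/// <returns>The parsed ticket, or <c>null</c> for any malformed input.</returns>
/// <remarks>
/// Integrity of the bytes and ticket expiration are not checked here and are
/// left to the caller.
/// </remarks>
public static AuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream ticketStream = new MemoryStream(serializedTicket))
        {
            using (SerializingBinaryReader ticketReader = new SerializingBinaryReader((Stream)ticketStream))
            {
                byte formatMarker = ticketReader.ReadByte();
                if (formatMarker != 1)
                {
                    return null;
                }

                int version = ticketReader.ReadByte();

                long issueTicks = ticketReader.ReadInt64();
                DateTime issueDateUtc = new DateTime(issueTicks, DateTimeKind.Utc);

                byte spacer = ticketReader.ReadByte();
                if (spacer != 254)
                {
                    return null;
                }

                long expirationTicks = ticketReader.ReadInt64();
                DateTime expirationUtc = new DateTime(expirationTicks, DateTimeKind.Utc);

                string name = ticketReader.ReadBinaryString();

                // Bound the length prefix by the bytes still available. The value is
                // taken from the ticket itself, and ReadBytes presumably allocates
                // according to it, so it must not be trusted as-is. Rejecting it here
                // does not affect well-formed tickets: a prefix larger than the rest of
                // the buffer leaves no byte for the footer that has to follow.
                int userDataLength = ticketReader.ReadInt32();
                bool lengthInRange = userDataLength >= 0
                    && userDataLength <= ticketStream.Length - ticketStream.Position;
                if (!lengthInRange)
                {
                    return null;
                }

                byte[] userBinary = ticketReader.ReadBytes(userDataLength);

                // NOTE(review): the BinaryDeserialize<T> extension is not visible here.
                // Should it be backed by BinaryFormatter or a similar polymorphic
                // deserializer, it needs input whose integrity was verified upstream -
                // confirm before relying on this path.
                User user = null;
                try
                {
                    user = userBinary.BinaryDeserialize<User>();
                }
                catch
                {
                    return null;
                }

                byte footer = ticketReader.ReadByte();
                if (footer != byte.MaxValue)
                {
                    return null;
                }

                // Nothing may follow the footer inside the declared payload length.
                if (ticketStream.Position != serializedTicketLength)
                {
                    return null;
                }

                return new AuthenticationTicket(name, version, issueDateUtc, expirationUtc, user);
            }
        }
    }
    catch
    {
        // Parsing errors mean the ticket is invalid.
        return null;
    }
}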
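// Methods

/// <summary>
/// Rebuilds a <see cref="FormsAuthenticationTicket"/> from its serialized bytes.
/// </summary>
/// <param name="serializedTicket">Buffer that starts with the ticket payload.</param>
/// <param name="serializedTicketLength">
/// Payload length in bytes; parsing must end exactly at this offset or the
/// ticket is rejected.
/// </param>
/// <returns>The ticket, or <c>null</c> when the payload is malformed or any read throws.</returns>
/// <remarks>
/// Dates are stored as UTC ticks and handed to the ticket constructor as local
/// time. The method performs no signature check and does not look at
/// expiration; both remain the caller's responsibility.
/// </remarks>
public static FormsAuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream stream = new MemoryStream(serializedTicket))
        using (SerializingBinaryReader reader = new SerializingBinaryReader(stream))
        {
            // Serialized-format marker.
            if (reader.ReadByte() != 1)
            {
                return null;
            }

            int version = reader.ReadByte();
            DateTime issueDateUtc = new DateTime(reader.ReadInt64(), DateTimeKind.Utc);

            // Spacer between issue date and expiration date.
            if (reader.ReadByte() != 0xfe)
            {
                return null;
            }

            DateTime expirationUtc = new DateTime(reader.ReadInt64(), DateTimeKind.Utc);

            // The persistence flag is strict: only 0 and 1 are accepted.
            bool isPersistent;
            switch (reader.ReadByte())
            {
                case 0:
                    isPersistent = false;
                    break;
                case 1:
                    isPersistent = true;
                    break;
                default:
                    return null;
            }

            string name = reader.ReadBinaryString();
            string userData = reader.ReadBinaryString();
            string cookiePath = reader.ReadBinaryString();

            // Footer marker, then the payload must be fully consumed.
            if (reader.ReadByte() != 0xff)
            {
                return null;
            }

            if (stream.Position != serializedTicketLength)
            {
                return null;
            }

            return new FormsAuthenticationTicket(
                version,
                name,
                issueDateUtc.ToLocalTime(),
                expirationUtc.ToLocalTime(),
                isPersistent,
                userData,
                cookiePath);
        }
    }
    catch
    {
        // A ticket that cannot be parsed is treated as invalid.
        return null;
    }
}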
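// Resurrects a FormsAuthenticationTicket from its serialized blob representation.
// The input blob must be unsigned and unencrypted. This function returns null if
// the serialized ticket format is invalid. The caller must also verify that the
// ticket is still valid, as this method doesn't check expiration.
//
// Nothing in this method checks integrity or authenticity of the blob; a non-null
// result only means the bytes were well-formed.
public static FormsAuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream ticketBlobStream = new MemoryStream(serializedTicket))
        using (SerializingBinaryReader ticketReader = new SerializingBinaryReader(ticketBlobStream))
        {
            // Step 1: Serialized format version number (1 byte).
            // Only CURRENT_TICKET_SERIALIZED_VERSION is accepted.
            if (ticketReader.ReadByte() != CURRENT_TICKET_SERIALIZED_VERSION)
            {
                return null; // unexpected value
            }

            // Step 2: Ticket version number (1 byte).
            int ticketVersion = ticketReader.ReadByte();

            // Step 3: Ticket issue date as UTC ticks (8 bytes).
            DateTime ticketIssueDateUtc = new DateTime(ticketReader.ReadInt64(), DateTimeKind.Utc);

            // Step 4: Spacer (1 byte).
            if (ticketReader.ReadByte() != 0xfe)
            {
                return null; // unexpected value
            }

            // Step 5: Ticket expiration date as UTC ticks (8 bytes).
            DateTime ticketExpirationDateUtc = new DateTime(ticketReader.ReadInt64(), DateTimeKind.Utc);

            // Step 6: Ticket persistence field (1 byte); only 0 and 1 are legal.
            bool ticketIsPersistent;
            switch (ticketReader.ReadByte())
            {
                case 0:
                    ticketIsPersistent = false;
                    break;
                case 1:
                    ticketIsPersistent = true;
                    break;
                default:
                    return null; // unexpected value
            }

            // Steps 7-9: Username, custom data and cookie path.
            // Each is 1+ bytes (7-bit encoded integer char count + UTF-16LE payload).
            string ticketName = ticketReader.ReadBinaryString();
            string ticketUserData = ticketReader.ReadBinaryString();
            string ticketCookiePath = ticketReader.ReadBinaryString();

            // Step 10: Footer (1 byte).
            if (ticketReader.ReadByte() != 0xff)
            {
                return null; // unexpected value
            }

            // Step 11: Verify that the entire payload has been consumed.
            // Nothing is expected after the footer. The caller states where the
            // payload ends because the byte array may contain the payload plus
            // signature as an optimization, and the signature must not be
            // misinterpreted as a continuation of the payload.
            if (ticketBlobStream.Position != serializedTicketLength)
            {
                return null;
            }

            // Success. The ticket is built from the UTC values directly.
            return FormsAuthenticationTicket.FromUtc(
                ticketVersion /* version */,
                ticketName /* name */,
                ticketIssueDateUtc /* issueDateUtc */,
                ticketExpirationDateUtc /* expirationUtc */,
                ticketIsPersistent /* isPersistent */,
                ticketUserData /* userData */,
                ticketCookiePath /* cookiePath */);
        }
    }
    catch
    {
        // If anything goes wrong while parsing the token, just treat the token as invalid.
        return null;
    }
}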
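// Resurrects a FormsAuthenticationTicket from its serialized blob representation.
// The input blob must be unsigned and unencrypted. This function returns null if
// the serialized ticket format is invalid. The caller must also verify that the
// ticket is still valid, as this method doesn't check expiration.
//
// The method only parses: it contains no integrity or authenticity check, so a
// non-null result says nothing about where the bytes came from.
public static FormsAuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream ticketBlobStream = new MemoryStream(serializedTicket))
        {
            using (SerializingBinaryReader ticketReader = new SerializingBinaryReader(ticketBlobStream))
            {
                // Step 1: Read the serialized format version number from the stream.
                // LENGTH: 1 byte
                byte serializedFormatVersion = ticketReader.ReadByte();
                if (serializedFormatVersion != CURRENT_TICKET_SERIALIZED_VERSION)
                {
                    return null; // unexpected value
                }

                // Step 2: Read the ticket version number from the stream.
                // LENGTH: 1 byte
                int ticketVersion = ticketReader.ReadByte();

                // Step 3: Read the ticket issue date (UTC ticks) from the stream.
                // LENGTH: 8 bytes
                long ticketIssueDateUtcTicks = ticketReader.ReadInt64();
                DateTime ticketIssueDateUtc = new DateTime(ticketIssueDateUtcTicks, DateTimeKind.Utc);

                // Step 4: Read the spacer from the stream.
                // LENGTH: 1 byte
                byte spacer = ticketReader.ReadByte();
                if (spacer != 0xfe)
                {
                    return null; // unexpected value
                }

                // Step 5: Read the ticket expiration date (UTC ticks) from the stream.
                // LENGTH: 8 bytes
                long ticketExpirationDateUtcTicks = ticketReader.ReadInt64();
                DateTime ticketExpirationDateUtc = new DateTime(ticketExpirationDateUtcTicks, DateTimeKind.Utc);

                // Step 6: Read the ticket persistence field from the stream.
                // LENGTH: 1 byte
                byte ticketPersistenceFieldValue = ticketReader.ReadByte();
                if (ticketPersistenceFieldValue > 1)
                {
                    return null; // unexpected value: only 0 and 1 are legal
                }
                bool ticketIsPersistent = ticketPersistenceFieldValue == 1;

                // Step 7: Read the ticket username from the stream.
                // LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
                string ticketName = ticketReader.ReadBinaryString();

                // Step 8: Read the ticket custom data from the stream.
                // LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
                string ticketUserData = ticketReader.ReadBinaryString();

                // Step 9: Read the ticket cookie path from the stream.
                // LENGTH: 1+ bytes (7-bit encoded integer char count + UTF-16LE payload)
                string ticketCookiePath = ticketReader.ReadBinaryString();

                // Step 10: Read the footer from the stream.
                // LENGTH: 1 byte
                byte footer = ticketReader.ReadByte();
                if (footer != 0xff)
                {
                    return null; // unexpected value
                }

                // Step 11: Verify that we have consumed the entire payload.
                // No further information is expected after the footer. The caller
                // tells us where the actual payload ends, since the byte array may
                // hold the payload plus signature as an optimization, and the
                // signature must not be misinterpreted as more payload.
                if (ticketBlobStream.Position != serializedTicketLength)
                {
                    return null;
                }

                // Success.
                return FormsAuthenticationTicket.FromUtc(
                    ticketVersion /* version */,
                    ticketName /* name */,
                    ticketIssueDateUtc /* issueDateUtc */,
                    ticketExpirationDateUtc /* expirationUtc */,
                    ticketIsPersistent /* isPersistent */,
                    ticketUserData /* userData */,
                    ticketCookiePath /* cookiePath */);
            }
        }
    }
    catch
    {
        // If anything goes wrong while parsing the token, just treat the token as invalid.
        return null;
    }
}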
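/// <summary>
/// Rebuilds a <see cref="FormsAuthenticationTicket"/> from its serialized bytes.
/// </summary>
/// <param name="serializedTicket">Buffer that starts with the ticket payload.</param>
/// <param name="serializedTicketLength">
/// Payload length in bytes; parsing must end exactly at this offset or the
/// ticket is rejected.
/// </param>
/// <returns>The ticket, or <c>null</c> when the payload is malformed or any read throws.</returns>
/// <remarks>
/// Dates are read as UTC ticks and passed on unchanged to
/// <c>FormsAuthenticationTicket.FromUtc</c>. The method performs no signature
/// check and does not look at expiration; both remain the caller's
/// responsibility.
/// </remarks>
public static FormsAuthenticationTicket Deserialize(byte[] serializedTicket, int serializedTicketLength)
{
    try
    {
        using (MemoryStream stream = new MemoryStream(serializedTicket))
        using (SerializingBinaryReader reader = new SerializingBinaryReader(stream))
        {
            // Serialized-format marker.
            if (reader.ReadByte() != 1)
            {
                return null;
            }

            int version = reader.ReadByte();
            DateTime issueDateUtc = new DateTime(reader.ReadInt64(), DateTimeKind.Utc);

            // Spacer between issue date and expiration date.
            if (reader.ReadByte() != 0xfe)
            {
                return null;
            }

            DateTime expirationUtc = new DateTime(reader.ReadInt64(), DateTimeKind.Utc);

            // The persistence flag is strict: only 0 and 1 are accepted.
            bool isPersistent;
            switch (reader.ReadByte())
            {
                case 0:
                    isPersistent = false;
                    break;
                case 1:
                    isPersistent = true;
                    break;
                default:
                    return null;
            }

            string name = reader.ReadBinaryString();
            string userData = reader.ReadBinaryString();
            string cookiePath = reader.ReadBinaryString();

            // Footer marker, then the payload must be fully consumed.
            if (reader.ReadByte() != 0xff)
            {
                return null;
            }

            if (stream.Position != serializedTicketLength)
            {
                return null;
            }

            return FormsAuthenticationTicket.FromUtc(version, name, issueDateUtc, expirationUtc, isPersistent, userData, cookiePath);
        }
    }
    catch
    {
        // A ticket that cannot be parsed is treated as invalid.
        return null;
    }
}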