C# (CSharp) CM.Web CustomAntiForgeryData.GetUsername示例

示例#1

        public void Validate(HttpContextBase context, string salt)
        {
            string     antiForgeryTokenName  = CustomAntiForgeryData.GetAntiForgeryTokenName(null);
            string     antiForgeryTokenName2 = CustomAntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
            HttpCookie httpCookie            = context.Request.Cookies[antiForgeryTokenName2];

            if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value))
            {
                //throw CustomAntiForgeryWorker.CreateValidationException();
                ThrowValidationException();
                return;
            }

            string text = context.Request.Form[antiForgeryTokenName];

            if (string.IsNullOrEmpty(text))
            {
                //throw CustomAntiForgeryWorker.CreateValidationException();
                ThrowValidationException();
                return;
            }

            CustomAntiForgeryData antiForgeryData  = this.Serializer.Deserialize(httpCookie.Value);
            CustomAntiForgeryData antiForgeryData2 = this.Serializer.Deserialize(text);

            if (antiForgeryData == null || antiForgeryData2 == null)
            {
                ThrowValidationException();
                return;
            }

            if (!string.Equals(antiForgeryData.Value, antiForgeryData2.Value, StringComparison.Ordinal))
            {
                //throw CustomAntiForgeryWorker.CreateValidationException();
                ThrowValidationException();
                return;
            }
            string username = CustomAntiForgeryData.GetUsername(context.User);

            if (!string.Equals(antiForgeryData2.Username, username, StringComparison.OrdinalIgnoreCase))
            {
                //throw CustomAntiForgeryWorker.CreateValidationException();
                ThrowValidationException();
                return;
            }
            if (!string.Equals(salt ?? string.Empty, antiForgeryData2.Salt, StringComparison.Ordinal))
            {
                //throw CustomAntiForgeryWorker.CreateValidationException();
                ThrowValidationException();
                return;
            }
        }

示例#2

        private string GetCustomAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, string salt, string domain, string path)
        {
            string antiForgeryTokenName           = CustomAntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
            CustomAntiForgeryData antiForgeryData = null;
            HttpCookie            httpCookie      = httpContext.Request.Cookies[antiForgeryTokenName];

            if (httpCookie != null)
            {
                try
                {
                    antiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
                }
                catch (Exception ex)
                {
                    CM.Web.AntiForgery.Custom.Logger.Exception(ex);
                }
            }
            if (antiForgeryData == null)
            {
                antiForgeryData = CustomAntiForgeryData.NewToken();
                string     value       = this.Serializer.Serialize(antiForgeryData);
                HttpCookie httpCookie2 = new HttpCookie(antiForgeryTokenName, value)
                {
                    HttpOnly = true,
                    Domain   = domain
                };
                if (!string.IsNullOrEmpty(path))
                {
                    httpCookie2.Path = path;
                }
                httpContext.Response.Cookies.Set(httpCookie2);
            }
            CustomAntiForgeryData token = new CustomAntiForgeryData(antiForgeryData)
            {
                Salt     = salt,
                Username = CustomAntiForgeryData.GetUsername(httpContext.User)
            };

            return(this.Serializer.Serialize(token));
        }