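/// <summary>
/// Copy constructor: creates a token carrying the same creation date, salt,
/// username and value as <paramref name="token"/>.
/// </summary>
/// <param name="token">The token to copy; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
public AntiForgeryData(AntiForgeryData token)
{
    // Fail with a descriptive argument error rather than a NullReferenceException
    // from the first property read below.
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    CreationDate = token.CreationDate;
    Salt = token.Salt;
    Username = token.Username;
    Value = token.Value;
}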
/// <summary>
/// Renders the hidden anti-forgery field for <paramref name="page"/>: the cookie-side token is
/// (re)issued for <paramref name="path"/>/<paramref name="domain"/>, the matching form token is
/// derived from it with <paramref name="salt"/>, and the result is emitted as a hidden input.
/// </summary>
/// <param name="page">The page whose service locator provides the anti-forgery service.</param>
/// <param name="salt">Per-form salt folded into the form token.</param>
/// <param name="path">Cookie path handed to the service.</param>
/// <param name="domain">Cookie domain handed to the service.</param>
/// <returns>A hidden tag whose name and value are the form token's.</returns>
public static HtmlTag AntiForgeryToken(this IFubuPage page, string salt, string path, string domain)
{
    IAntiForgeryService service = page.Get<IAntiForgeryService>();

    // The cookie token is written first so the form token can be derived from it.
    AntiForgeryData issued = service.SetCookieToken(path, domain);
    FormToken form = service.GetFormToken(issued, salt);

    HiddenTag hidden = new HiddenTag();
    return hidden.Name(form.Name).Value(form.TokenString);
}
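/// <summary>
/// Serializes <paramref name="token"/> into the encoded string stored in the cookie and the
/// hidden form field: salt, value, creation-date ticks and username are written with a
/// <see cref="BinaryWriter"/> and the resulting bytes are passed to the encoder.
/// </summary>
/// <param name="token">The token to serialize; must not be null.</param>
/// <returns>The encoded token string.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="token"/> is null, and by <see cref="BinaryWriter"/> when
/// Salt, Value or Username is null.
/// </exception>
public virtual string Serialize(AntiForgeryData token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    using (var stream = new MemoryStream())
    using (var writer = new BinaryWriter(stream))
    {
        // Field order is the wire format; the deserializer must read in the same order.
        writer.Write(token.Salt);
        writer.Write(token.Value);
        writer.Write(token.CreationDate.Ticks);
        writer.Write(token.Username);

        // Push anything the writer still holds into the stream before snapshotting it:
        // ToArray runs while the writer is still open.
        writer.Flush();
        return _encoder.Encode(stream.ToArray());
    }
}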
/// <summary>
/// Serializes <paramref name="token"/> for transport: salt, value, creation-date ticks and
/// username are written in that order with a <see cref="BinaryWriter"/> and the bytes are
/// handed to the encoder.
/// </summary>
/// <param name="token">The token to serialize.</param>
/// <returns>The encoded token string.</returns>
public virtual string Serialize(AntiForgeryData token)
{
    byte[] payload;

    using (MemoryStream buffer = new MemoryStream())
    {
        using (BinaryWriter output = new BinaryWriter(buffer))
        {
            // Write order defines the wire format the deserializer depends on.
            output.Write(token.Salt);
            output.Write(token.Value);
            output.Write(token.CreationDate.Ticks);
            output.Write(token.Username);

            payload = buffer.ToArray();
        }
    }

    return _encoder.Encode(payload);
}
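/// <summary>
/// Derives the per-form token from the cookie-side <paramref name="token"/>: value and
/// creation date are carried over, the salt is replaced by <paramref name="salt"/>, and the
/// username is taken from the current security context so the validator can check that the
/// form was rendered for the same user.
/// </summary>
/// <param name="token">The cookie token to derive from; must not be null.</param>
/// <param name="salt">Per-form salt; null is treated as the empty string.</param>
/// <returns>The form field name and the serialized token string.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
public FormToken GetFormToken(AntiForgeryData token, string salt)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    var formToken = new AntiForgeryData(token)
    {
        // The validator compares `salt ?? string.Empty` with the form token's salt, so a
        // null salt must serialize as the empty string instead of failing inside Serialize.
        Salt = salt ?? string.Empty,
        Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser)
    };

    string tokenString = _serializer.Serialize(formToken);
    return new FormToken { Name = _tokenProvider.GetTokenName(), TokenString = tokenString };
}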
/// <summary>
/// Builds the form-side token from the cookie-side <paramref name="token"/>: same value and
/// creation date, the given <paramref name="salt"/>, and the current user's name so the
/// validator can tie the form to the user who rendered it.
/// </summary>
/// <param name="token">The cookie token to copy from.</param>
/// <param name="salt">Per-form salt stored in the token.</param>
/// <returns>The form field name and the serialized token string.</returns>
public FormToken GetFormToken(AntiForgeryData token, string salt)
{
    AntiForgeryData derived = new AntiForgeryData(token);
    derived.Salt = salt;
    derived.Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser);

    string serialized = _serializer.Serialize(derived);

    FormToken result = new FormToken();
    result.Name = _tokenProvider.GetTokenName();
    result.TokenString = serialized;
    return result;
}
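/// <summary>
/// Validates the anti-forgery pair for the current request: the cookie token (named from the
/// application root path) and the form token (read from the request header first, then the
/// request values) must carry the same value, the form token's username must match the
/// current principal, and its salt must equal <paramref name="salt"/>.
/// </summary>
/// <param name="salt">The per-form salt the token was issued with; null is treated as empty.</param>
/// <returns>true when every check passes; false when a token is missing or does not match.</returns>
public bool Validate(string salt)
{
    string applicationPath = _fubuApplicationFiles.RootPath;
    string fieldName = _tokenProvider.GetTokenName();
    string cookieName = _tokenProvider.GetTokenName(applicationPath);

    var cookie = _cookies.Get(cookieName);
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }
    // The cookie value is stored URL-encoded, so decode it before deserializing.
    AntiForgeryData cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));

    // The header takes precedence over the request values.
    string formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
                       ?? _requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;
    if (formValue.IsEmpty())
    {
        return false;
    }
    AntiForgeryData formToken = _serializer.Deserialize(formValue);

    // The submitted value is attacker-influenced; compare it to the cookie value without
    // short-circuiting on the first differing character, so the comparison time does not
    // reveal how much of the cookie token a submitted value got right.
    if (!TokenValuesMatch(cookieToken.Value, formToken.Value))
    {
        return false;
    }

    string currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);
    if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    // A null salt is normalized to empty so callers that pass no salt can still validate.
    return string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal);
}

/// <summary>
/// Ordinal equality of two token values whose running time depends only on the inputs'
/// lengths, not on where they first differ. Null equals only null.
/// </summary>
/// <param name="expected">The value carried by the cookie token.</param>
/// <param name="actual">The value carried by the submitted form token.</param>
/// <returns>true when both strings are null or character-for-character equal.</returns>
private static bool TokenValuesMatch(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return ReferenceEquals(expected, actual);
    }
    if (expected.Length != actual.Length)
    {
        return false;
    }

    // OR the XOR of every character pair so every position is visited.
    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ actual[i];
    }
    return difference == 0;
}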
/// <summary>
/// Validates the anti-forgery pair for the current request: the cookie token (named from the
/// application path) and the posted form field must carry the same value, the form token's
/// username must match the current user, and its salt must equal <paramref name="salt"/>.
/// </summary>
/// <param name="salt">The per-form salt the token was issued with; null is treated as empty.</param>
/// <returns>true when every check passes; false when a token is missing or does not match.</returns>
public bool Validate(string salt)
{
    HttpCookieCollection cookies = (HttpCookieCollection)_requestData.Value("Cookies");
    string applicationPath = (string)_requestData.Value("ApplicationPath");
    NameValueCollection form = (NameValueCollection)_requestData.Value("Form");

    string fieldName = _tokenProvider.GetTokenName();
    string cookieName = _tokenProvider.GetTokenName(applicationPath);

    HttpCookie cookie = cookies[cookieName];
    bool hasCookie = cookie != null && !string.IsNullOrEmpty(cookie.Value);
    if (!hasCookie)
    {
        return false;
    }
    AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);

    string submitted = form[fieldName];
    if (string.IsNullOrEmpty(submitted))
    {
        return false;
    }
    AntiForgeryData formToken = _serializer.Deserialize(submitted);

    // NOTE(review): string.Equals returns on the first differing character; for this
    // secret-vs-submitted comparison a length-only-dependent comparison would be preferable.
    bool valuesMatch = string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal);
    if (!valuesMatch)
    {
        return false;
    }

    string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);
    bool userMatches = string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase);
    if (!userMatches)
    {
        return false;
    }

    // A null salt is normalized to empty so callers that pass no salt can still validate.
    return string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal);
}
/// <summary>
/// Writes the anti-forgery cookie for this response and returns the token it carries. The
/// token comes from <see cref="GetCookieToken"/>, is serialized, and stored as an HttpOnly
/// cookie named from the application path.
/// </summary>
/// <param name="path">Cookie path; applied only when non-empty.</param>
/// <param name="domain">Cookie domain, assigned as given.</param>
/// <returns>The token that was written to the cookie.</returns>
public AntiForgeryData SetCookieToken(string path, string domain)
{
    string applicationPath = (string)_requestData.Value("ApplicationPath");
    AntiForgeryData token = GetCookieToken();

    string cookieName = _tokenProvider.GetTokenName(applicationPath);
    string serialized = _serializer.Serialize(token);

    HttpCookie cookie = new HttpCookie(cookieName, serialized);
    // HttpOnly keeps the token out of reach of page scripts. NOTE(review): Secure is not set
    // here, so the cookie is also sent on plain-HTTP requests — confirm that is intended.
    cookie.HttpOnly = true;
    cookie.Domain = domain;
    if (!string.IsNullOrEmpty(path))
    {
        cookie.Path = path;
    }

    _outputWriter.AppendCookie(cookie);
    return token;
}
/// <summary>
/// Writes the anti-forgery cookie for this response and returns the token it carries. The
/// token comes from <see cref="GetCookieToken"/>, is serialized and URL-encoded, and stored
/// as an HttpOnly cookie named from the application root path.
/// </summary>
/// <param name="path">Cookie path; applied only when non-empty.</param>
/// <param name="domain">Cookie domain, assigned as given.</param>
/// <returns>The token that was written to the cookie.</returns>
public AntiForgeryData SetCookieToken(string path, string domain)
{
    string applicationPath = _fubuApplicationFiles.RootPath;
    AntiForgeryData token = GetCookieToken();

    string cookieName = _tokenProvider.GetTokenName(applicationPath);
    string serialized = _serializer.Serialize(token);

    // The serialized form is URL-encoded so it survives as a cookie value; the reader
    // decodes it again.
    Cookie cookie = new Cookie(cookieName, HttpUtility.UrlEncode(serialized));
    // HttpOnly keeps the token out of reach of page scripts. NOTE(review): Secure is not set
    // here, so the cookie is also sent on plain-HTTP requests — confirm that is intended.
    cookie.HttpOnly = true;
    cookie.Domain = domain;
    if (!string.IsNullOrEmpty(path))
    {
        cookie.Path = path;
    }

    _outputWriter.AppendCookie(cookie);
    return token;
}
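/// <summary>
/// Returns the anti-forgery token stored in the request cookie (named from the application
/// root path), or a freshly generated token when there is no usable cookie.
/// </summary>
/// <returns>The deserialized cookie token, or a new token from the token provider.</returns>
public AntiForgeryData GetCookieToken()
{
    string applicationPath = _fubuApplicationFiles.RootPath;
    string name = _tokenProvider.GetTokenName(applicationPath);
    Cookie cookie = _cookies.Get(name);

    AntiForgeryData cookieToken = null;
    // A present-but-empty cookie is treated like a missing one (the same rule Validate
    // applies) instead of handing an empty value to the serializer.
    if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
    {
        try
        {
            // The value is stored URL-encoded, so decode it before deserializing.
            cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
        }
        catch (FubuException)
        {
            // An unreadable cookie is deliberately ignored: the caller gets a new token
            // below. TODO -- log this. Need a generic tracing mechanism
        }
    }

    return cookieToken ?? _tokenProvider.GenerateToken();
}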
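/// <summary>
/// Returns the anti-forgery token stored in the request cookie (named from the application
/// path), or a freshly generated token when there is no usable cookie.
/// </summary>
/// <returns>The deserialized cookie token, or a new token from the token provider.</returns>
public AntiForgeryData GetCookieToken()
{
    var cookies = (HttpCookieCollection)_requestData.Value("Cookies");
    var applicationPath = (string)_requestData.Value("ApplicationPath");
    string name = _tokenProvider.GetTokenName(applicationPath);
    HttpCookie cookie = cookies[name];

    AntiForgeryData cookieToken = null;
    // A present-but-empty cookie is treated like a missing one (the same rule Validate
    // applies) instead of handing an empty value to the serializer.
    if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
    {
        try
        {
            cookieToken = _serializer.Deserialize(cookie.Value);
        }
        catch (FubuException)
        {
            // An unreadable cookie is deliberately ignored: the caller gets a new token
            // below. TODO: Log this?
        }
    }

    return cookieToken ?? _tokenProvider.GenerateToken();
}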