示例#1
0
        public FormToken GetFormToken(AntiForgeryData token, string salt)
        {
            var formToken = new AntiForgeryData(token)
            {
                Salt     = salt,
                Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser)
            };
            string tokenString = _serializer.Serialize(formToken);

            return(new FormToken
            {
                Name = _tokenProvider.GetTokenName(),
                TokenString = tokenString
            });
        }
示例#2
0
        public bool Validate(string salt)
        {
            var applicationPath = _fubuApplicationFiles.RootPath;
            var fieldName       = _tokenProvider.GetTokenName();
            var cookieName      = _tokenProvider.GetTokenName(applicationPath);

            var cookie = _cookies.Get(cookieName);

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return(false);
            }

            var cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));

            var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
                            ??
                            _requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;

            if (formValue.IsEmpty())
            {
                return(false);
            }

            var formToken = _serializer.Deserialize(formValue);

            if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                return(false);
            }

            var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);

            if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
            {
                return(false);
            }

            return(true);
        }
示例#3
0
        public bool Validate(string salt)
        {
            var    cookies         = (HttpCookieCollection)_requestData.Value("Cookies");
            var    applicationPath = (string)_requestData.Value("ApplicationPath");
            var    form            = (NameValueCollection)_requestData.Value("Form");
            string fieldName       = _tokenProvider.GetTokenName();
            string cookieName      = _tokenProvider.GetTokenName(applicationPath);

            HttpCookie cookie = cookies[cookieName];

            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return(false);
            }
            AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);

            string formValue = form[fieldName];

            if (string.IsNullOrEmpty(formValue))
            {
                return(false);
            }
            AntiForgeryData formToken = _serializer.Deserialize(formValue);

            if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
            {
                return(false);
            }

            string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);

            if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            if (!string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal))
            {
                return(false);
            }

            return(true);
        }