/// <summary>
/// Produces the form-side anti-forgery token for the current request: a copy of
/// <paramref name="token"/> stamped with <paramref name="salt"/> and the current
/// user's name, serialized and wrapped with the provider's token field name.
/// </summary>
/// <param name="token">Existing anti-forgery data to copy into the form token.</param>
/// <param name="salt">Caller-supplied salt stored in the copy's <c>Salt</c> field.</param>
/// <returns>
/// A <see cref="FormToken"/> whose <c>Name</c> is <c>_tokenProvider.GetTokenName()</c>
/// and whose <c>TokenString</c> is the serialized copy.
/// </returns>
public FormToken GetFormToken(AntiForgeryData token, string salt)
{
    // Copy first, then stamp the copy; the incoming token itself is left untouched.
    var stamped = new AntiForgeryData(token);
    stamped.Salt = salt;
    stamped.Username = AntiForgeryData.GetUsername(_securityContext.CurrentUser);

    string serialized = _serializer.Serialize(stamped);

    var result = new FormToken();
    result.Name = _tokenProvider.GetTokenName();
    result.TokenString = serialized;
    return result;
}
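/// <summary>
/// Validates the anti-forgery token pair for the current request. The cookie token
/// (named per application path) and the form token (read from the request header
/// first, then the request data) must agree on their random value; the form token
/// must have been issued to the current principal; and its salt must equal
/// <paramref name="salt"/>.
/// </summary>
/// <param name="salt">Expected salt; <c>null</c> is treated as the empty string.</param>
/// <returns>
/// <c>true</c> only when every check passes. A missing, empty, unparsable or
/// mismatched token yields <c>false</c> rather than an exception.
/// </returns>
public bool Validate(string salt)
{
    var applicationPath = _fubuApplicationFiles.RootPath;
    var fieldName = _tokenProvider.GetTokenName();
    var cookieName = _tokenProvider.GetTokenName(applicationPath);

    var cookie = _cookies.Get(cookieName);
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }

    // The cookie value is URL-decoded before deserializing; the form value below is not.
    var cookieToken = _serializer.Deserialize(HttpUtility.UrlDecode(cookie.Value));
    if (cookieToken == null)
    {
        // If the serializer yields null for unparsable input, a malformed cookie must
        // fail validation instead of surfacing as a NullReferenceException below.
        return false;
    }

    // The header value takes precedence over the request/form value.
    var formValue = _requestData.ValuesFor(RequestDataSource.Header).Get(fieldName) as string
                    ?? _requestData.ValuesFor(RequestDataSource.Request).Get(fieldName) as string;
    if (formValue.IsEmpty())
    {
        return false;
    }

    var formToken = _serializer.Deserialize(formValue);
    if (formToken == null)
    {
        // Same guard as for the cookie token: malformed form input is a failed check.
        return false;
    }

    // Ordinal comparison of the opaque token values is exact but not constant-time.
    if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
    {
        return false;
    }

    // NOTE(review): the identity is taken from Thread.CurrentPrincipal here rather than
    // an injected security context — confirm it is the same identity the token was issued with.
    var currentUsername = AntiForgeryData.GetUsername(Thread.CurrentPrincipal);
    if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    // A null salt is normalized to the empty string before the ordinal comparison.
    return string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal);
}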
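/// <summary>
/// Validates the anti-forgery token pair carried by the current request's cookies and
/// form collection. The cookie token (named per application path) and the form token
/// must agree on their random value; the form token must have been issued to the
/// current user; and its salt must equal <paramref name="salt"/>.
/// </summary>
/// <param name="salt">Expected salt; <c>null</c> is treated as the empty string.</param>
/// <returns>
/// <c>true</c> only when every check passes. A missing, empty, unparsable or
/// mismatched token yields <c>false</c> rather than an exception.
/// </returns>
public bool Validate(string salt)
{
    var cookies = (HttpCookieCollection)_requestData.Value("Cookies");
    var applicationPath = (string)_requestData.Value("ApplicationPath");
    var form = (NameValueCollection)_requestData.Value("Form");

    string fieldName = _tokenProvider.GetTokenName();
    string cookieName = _tokenProvider.GetTokenName(applicationPath);

    // A request without a cookie collection has no cookie token and cannot validate.
    HttpCookie cookie = cookies == null ? null : cookies[cookieName];
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }

    AntiForgeryData cookieToken = _serializer.Deserialize(cookie.Value);
    if (cookieToken == null)
    {
        // If the serializer yields null for unparsable input, a malformed cookie must
        // fail validation instead of surfacing as a NullReferenceException below.
        return false;
    }

    string formValue = form == null ? null : form[fieldName];
    if (string.IsNullOrEmpty(formValue))
    {
        return false;
    }

    AntiForgeryData formToken = _serializer.Deserialize(formValue);
    if (formToken == null)
    {
        // Same guard as for the cookie token: malformed form input is a failed check.
        return false;
    }

    // Ordinal comparison of the opaque token values is exact but not constant-time.
    if (!string.Equals(cookieToken.Value, formToken.Value, StringComparison.Ordinal))
    {
        return false;
    }

    // The form token must have been issued to the user making this request.
    string currentUsername = AntiForgeryData.GetUsername(_securityContext.CurrentUser);
    if (!string.Equals(formToken.Username, currentUsername, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    // A null salt is normalized to the empty string before the ordinal comparison.
    return string.Equals(salt ?? string.Empty, formToken.Salt, StringComparison.Ordinal);
}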