/// <summary>
/// 验证请求
/// </summary>
/// <param name="context"></param>
/// <param name="salt"></param>
public void Validate(HttpContext context, string salt)
{
string formTokenName = AntiForgeryData.GetAntiForgeryTokenName(null);
string cookieTokenName = AntiForgeryData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
HttpCookie httpCookie = context.Request.Cookies[cookieTokenName];
if (httpCookie == null || string.IsNullOrEmpty(httpCookie.Value))
{
throw AntiForgeryWorker.CreateValidationException();
}
AntiForgeryData cookieAntiForgeryData = this.Serializer.Deserialize(httpCookie.Value);//从客户端cookie传来的防伪标识
string text = context.Request.Form[formTokenName];
if (string.IsNullOrEmpty(text))
{
throw AntiForgeryWorker.CreateValidationException();
}
AntiForgeryData formAntiForgeryData = this.Serializer.Deserialize(text);//从表单里面传递过来的防伪标识
if (!string.Equals(cookieAntiForgeryData.Value, formAntiForgeryData.Value, StringComparison.Ordinal))
{
throw AntiForgeryWorker.CreateValidationException();
}
string username = AntiForgeryData.GetUsername(context.User);//当前的用户名
if (!string.Equals(formAntiForgeryData.Username, username, StringComparison.OrdinalIgnoreCase))
{
throw AntiForgeryWorker.CreateValidationException();
}
if (!string.Equals(salt ?? string.Empty, formAntiForgeryData.Salt, StringComparison.Ordinal))
{
throw AntiForgeryWorker.CreateValidationException();
}
}
/// <summary>
/// 给页面打上防伪标识
/// </summary>
/// <param name="httpContext"></param>
/// <param name="salt"></param>
/// <param name="domain"></param>
/// <param name="path"></param>
/// <returns></returns>
public String GetHtml(HttpContext httpContext, string salt, string domain, string path)
{
string antiForgeryTokenAndSetCookie = this.GetAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path);
string antiForgeryTokenName = AntiForgeryData.GetAntiForgeryTokenName(null);
TagBuilder tagBuilder = new TagBuilder("input");
tagBuilder.Attributes["type"] = "hidden";
tagBuilder.Attributes["name"] = antiForgeryTokenName;
tagBuilder.Attributes["value"] = antiForgeryTokenAndSetCookie;
return(tagBuilder.ToString(TagRenderMode.SelfClosing));
}
/// <summary>
/// 获取、设置防伪标识
/// </summary>
/// <param name="httpContext"></param>
/// <param name="salt"></param>
/// <param name="domain"></param>
/// <param name="path"></param>
/// <returns></returns>
private string GetAntiForgeryTokenAndSetCookie(HttpContext httpContext, string salt, string domain, string path)
{
string antiForgeryTokenName = AntiForgeryData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
AntiForgeryData antiForgeryData = null;
HttpCookie httpCookie = httpContext.Request.Cookies[antiForgeryTokenName];
if (httpCookie != null)
{
try
{
antiForgeryData = this.Serializer.Deserialize(httpCookie.Value);
}
catch
{
}
}
if (antiForgeryData == null)
{
antiForgeryData = AntiForgeryData.NewToken();
string value = this.Serializer.Serialize(antiForgeryData);
HttpCookie httpCookie2 = new HttpCookie(antiForgeryTokenName, value)
{
HttpOnly = true,
Domain = domain
};
if (!string.IsNullOrEmpty(path))
{
httpCookie2.Path = path;
}
httpContext.Response.Cookies.Set(httpCookie2);
}
AntiForgeryData token = new AntiForgeryData(antiForgeryData)
{
Salt = salt,
Username = AntiForgeryData.GetUsername(httpContext.User)
};
return(this.Serializer.Serialize(token));
}