        /// <summary>
        /// Renders the hidden form field that carries the anti-forgery form token.
        /// The paired cookie token is established as a side effect of
        /// <see cref="GetAntiForgeryTokenAndSetCookie"/>.
        /// </summary>
        /// <param name="salt">Salt embedded in the form token.</param>
        /// <param name="domain">Domain applied to the anti-forgery cookie when one has to be created.</param>
        /// <param name="path">Path applied to the anti-forgery cookie when one has to be created (may be null or empty).</param>
        /// <returns>A self-closing <c>&lt;input type="hidden"&gt;</c> element as markup.</returns>
        public string AntiForgeryToken(string salt, string domain, string path)
        {
            // Must run first: besides producing the field value it writes the cookie
            // half of the token pair to the response.
            string tokenValue = GetAntiForgeryTokenAndSetCookie(salt, domain, path);
            string tokenFieldName = AntiForgeryData.GetAntiForgeryTokenName(null);

            var hiddenField = new TagBuilder("input");
            hiddenField.Attributes["type"] = "hidden";
            hiddenField.Attributes["name"] = tokenFieldName;
            hiddenField.Attributes["value"] = tokenValue;

            string markup = hiddenField.ToString(TagRenderMode.SelfClosing);
            return markup;
        }
        /// <summary>
        /// Authorization filter hook: lets the request through only when the anti-forgery
        /// cookie token and the posted form token are both present, carry the same value,
        /// the form token was issued to the current user, and <c>ValidateFormToken</c> accepts it.
        /// </summary>
        /// <param name="filterContext">Authorization context of the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        /// <remarks>
        /// Every failed check throws the exception returned by <c>CreateValidationException()</c>,
        /// so the caller cannot tell which of the checks failed.
        /// </remarks>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            var request = filterContext.HttpContext.Request;
            string tokenFieldName  = AntiForgeryData.GetAntiForgeryTokenName(null);
            string tokenCookieName = AntiForgeryData.GetAntiForgeryTokenName(request.ApplicationPath);

            // 1. The cookie half of the pair must exist and be non-empty.
            HttpCookie tokenCookie = request.Cookies[tokenCookieName];
            if (tokenCookie == null || string.IsNullOrEmpty(tokenCookie.Value))
            {
                throw CreateValidationException();
            }
            AntiForgeryData cookieSide = Serializer.Deserialize(tokenCookie.Value);

            // 2. The form half must be posted and non-empty.
            string postedValue = request.Form[tokenFieldName];
            if (string.IsNullOrEmpty(postedValue))
            {
                throw CreateValidationException();
            }
            AntiForgeryData formSide = Serializer.Deserialize(postedValue);

            // 3. Both halves must carry the same token value (exact, ordinal comparison).
            bool valuesMatch = string.Equals(cookieSide.Value, formSide.Value, StringComparison.Ordinal);
            if (!valuesMatch)
            {
                throw CreateValidationException();
            }

            // 4. The form token must have been issued to the user making this request;
            //    the username inside the cookie token is deliberately not consulted.
            string requestUser = AntiForgeryData.GetUsername(filterContext.HttpContext.User);
            bool userMatches = string.Equals(formSide.Username, requestUser, StringComparison.OrdinalIgnoreCase);
            if (!userMatches)
            {
                throw CreateValidationException();
            }

            // 5. Hand the form token to the instance-level hook for any further checks
            //    (presumably the salt set in GetAntiForgeryTokenAndSetCookie — not visible here).
            if (!ValidateFormToken(formSide))
            {
                throw CreateValidationException();
            }
        }
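        /// <summary>
        /// Produces the serialized form token for the current request and makes sure the
        /// paired anti-forgery cookie exists, issuing a new one when it is missing or empty.
        /// </summary>
        /// <param name="salt">Salt stored in the form token.</param>
        /// <param name="domain">Domain set on a newly created cookie; passed through unchanged.</param>
        /// <param name="path">Path set on a newly created cookie when non-empty.</param>
        /// <returns>The serialized form token to embed in the page.</returns>
        private string GetAntiForgeryTokenAndSetCookie(string salt, string domain, string path)
        {
            var request = ViewContext.HttpContext.Request;
            string cookieName = AntiForgeryData.GetAntiForgeryTokenName(request.ApplicationPath);

            HttpCookie cookie = request.Cookies[cookieName];
            AntiForgeryData cookieToken;

            // Use the same acceptance rule as OnAuthorization: a cookie with an empty value is
            // treated as absent. Previously such a cookie was passed straight to
            // Serializer.Deserialize, so a client holding an emptied cookie would have got a
            // form token the filter could never accept; now it simply receives a fresh cookie.
            if (cookie != null && !String.IsNullOrEmpty(cookie.Value))
            {
                cookieToken = Serializer.Deserialize(cookie.Value);
            }
            else
            {
                cookieToken = AntiForgeryData.NewToken();
                string cookieValue = Serializer.Serialize(cookieToken);

                // HttpOnly keeps the token out of reach of script. Secure is not set here, so the
                // cookie is also sent over plain HTTP — worth reviewing if the site is HTTPS-only.
                HttpCookie newCookie = new HttpCookie(cookieName, cookieValue)
                {
                    HttpOnly = true,
                    Domain   = domain
                };
                if (!String.IsNullOrEmpty(path))
                {
                    newCookie.Path = path;
                }
                ViewContext.HttpContext.Response.Cookies.Set(newCookie);
            }

            // The form token is built from the cookie token and tagged with the salt and a
            // creation timestamp; the filter later requires Value to match between the two.
            AntiForgeryData formToken = new AntiForgeryData(cookieToken)
            {
                CreationDate = DateTime.Now,
                Salt         = salt
            };
            return Serializer.Serialize(formToken);
        }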