C# (CSharp) cohort.Security.CSRF CsrfData示例

示例#1

文件： HtmlExtensions.cs 项目： t9mike/vault

        private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string domain, string path)
        {
            var cookieName = CsrfData.GetAntiForgeryTokenName(helper.ViewContext.HttpContext.Request.ApplicationPath);

            CsrfData cookieToken;
            var      cookie = helper.ViewContext.HttpContext.Request.Cookies[cookieName];

            if (cookie != null)
            {
                cookieToken = Serializer.Deserialize(cookie.Value);
            }
            else
            {
                cookieToken = CsrfData.NewToken();
                var cookieValue = Serializer.Serialize(cookieToken);
                var newCookie   = new HttpCookie(cookieName, cookieValue)
                {
                    HttpOnly = true, Domain = domain
                };
                if (!string.IsNullOrEmpty(path))
                {
                    newCookie.Path = path;
                }
                helper.ViewContext.HttpContext.Response.Cookies.Set(newCookie);
            }
            var formToken = new CsrfData(cookieToken)
            {
                Username = CsrfData.GetUsername(helper.ViewContext.HttpContext.User)
            };
            var formValue = Serializer.Serialize(formToken);

            return(formValue);
        }

示例#2

文件： HtmlExtensions.cs 项目： ehsan-davoudi/webstack

		private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string domain, string path)
		{
			var cookieName = CsrfData.GetAntiForgeryTokenName(helper.ViewContext.HttpContext.Request.ApplicationPath);

			CsrfData cookieToken;
			var cookie = helper.ViewContext.HttpContext.Request.Cookies[cookieName];
			if (cookie != null)
			{
				cookieToken = Serializer.Deserialize(cookie.Value);
			}
			else
			{
				cookieToken = CsrfData.NewToken();
				var cookieValue = Serializer.Serialize(cookieToken);
                var newCookie = new HttpCookie(cookieName, cookieValue) { HttpOnly = true, Domain = domain };
				if (!string.IsNullOrEmpty(path))
				{
					newCookie.Path = path;
				}
				helper.ViewContext.HttpContext.Response.Cookies.Set(newCookie);
			}
			var formToken = new CsrfData(cookieToken)
			{
				Username = CsrfData.GetUsername(helper.ViewContext.HttpContext.User)
			};
			var formValue = Serializer.Serialize(formToken);
			return formValue;
		}

示例#3

文件： HtmlExtensions.cs 项目： t9mike/vault

        public static MvcHtmlString CsrfToken(this HtmlHelper helper, string domain, string path)
        {
            var formValue = GetAntiForgeryTokenAndSetCookie(helper, domain, path);
            var fieldName = CsrfData.GetAntiForgeryTokenName(null);

            var builder = new TagBuilder("meta");

            builder.Attributes["name"]    = fieldName;
            builder.Attributes["content"] = formValue;
            return(MvcHtmlString.Create(builder.ToString(TagRenderMode.StartTag)));
        }

示例#4

文件： CsrfData.cs 项目： ehsan-davoudi/webstack

		public CsrfData(CsrfData token)
		{
			if (token == null)
			{
				throw new ArgumentNullException("token");
			}

			CreationDate = token.CreationDate;
			Salt = token.Salt;
			Username = token.Username;
			Value = token.Value;
		}

示例#5

文件： CsrfData.cs 项目： t9mike/vault

        public CsrfData(CsrfData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            CreationDate = token.CreationDate;
            Salt         = token.Salt;
            Username     = token.Username;
            Value        = token.Value;
        }

示例#6

文件： CsrfDataSerializer.cs 项目： ehsan-davoudi/webstack

		public virtual string Serialize(CsrfData token)
		{
			if (token == null)
			{
				throw new ArgumentNullException("token");
			}

			var objToSerialize = new object[] {
                token.Salt,
                token.Value,
                token.CreationDate,
                token.Username
            };

			var serializedValue = Formatter.Serialize(objToSerialize);
			return serializedValue;
		}

示例#7

文件： CsrfDataSerializer.cs 项目： t9mike/vault

        public virtual string Serialize(CsrfData token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            var objToSerialize = new object[] {
                token.Salt,
                token.Value,
                token.CreationDate,
                token.Username
            };

            var serializedValue = Formatter.Serialize(objToSerialize);

            return(serializedValue);
        }

示例#8

文件： AuthenticHttpPost.cs 项目： ehsan-davoudi/webstack

		private bool ValidateFormToken(CsrfData token)
		{
			return (String.Equals(Salt, token.Salt, StringComparison.Ordinal));
		}