/// <summary>
/// Produces the serialized form token for the current request, issuing the
/// anti-forgery cookie first when the request did not already carry one.
/// </summary>
/// <param name="helper">HTML helper whose ViewContext supplies the HTTP context.</param>
/// <param name="domain">Value assigned to the Domain of a newly issued cookie.</param>
/// <param name="path">Optional cookie Path; applied only when it is non-empty.</param>
/// <returns>
/// The serialized copy of the cookie token with Username replaced by the
/// name resolved from the current user.
/// </returns>
private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string domain, string path)
{
    var httpContext = helper.ViewContext.HttpContext;
    var cookieName = CsrfData.GetAntiForgeryTokenName(httpContext.Request.ApplicationPath);
    var existingCookie = httpContext.Request.Cookies[cookieName];

    CsrfData cookieToken;
    if (existingCookie == null)
    {
        // First visit: mint a token and hand it to the browser.
        cookieToken = CsrfData.NewToken();

        // NOTE(review): HttpOnly is set but Secure is not. On an HTTPS
        // deployment confirm the flag is enforced elsewhere (for example
        // httpCookies requireSSL in web.config).
        var issuedCookie = new HttpCookie(cookieName, Serializer.Serialize(cookieToken));
        issuedCookie.HttpOnly = true;
        issuedCookie.Domain = domain;
        if (!string.IsNullOrEmpty(path))
        {
            issuedCookie.Path = path;
        }

        httpContext.Response.Cookies.Set(issuedCookie);
    }
    else
    {
        // The cookie value is client-supplied; Deserialize is the only check
        // applied to it in this method.
        // NOTE(review): confirm Serializer.Deserialize rejects tampered or
        // malformed values and how that failure surfaces to the view.
        cookieToken = Serializer.Deserialize(existingCookie.Value);
    }

    // The form token shares Salt/Value/CreationDate with the cookie token and
    // is additionally bound to the current user name.
    var formToken = new CsrfData(cookieToken);
    formToken.Username = CsrfData.GetUsername(httpContext.User);
    return Serializer.Serialize(formToken);
}
/// <summary>
/// Reads the anti-forgery cookie from the request (creating and setting it
/// when absent) and returns the matching serialized form token.
/// </summary>
/// <param name="helper">HTML helper giving access to the request, response and user.</param>
/// <param name="domain">Domain written to a newly created cookie.</param>
/// <param name="path">Cookie Path; ignored when null or empty.</param>
/// <returns>Serialized form token derived from the cookie token and the current user name.</returns>
private static string GetAntiForgeryTokenAndSetCookie(this HtmlHelper helper, string domain, string path)
{
    var context = helper.ViewContext.HttpContext;
    var tokenCookieName = CsrfData.GetAntiForgeryTokenName(context.Request.ApplicationPath);
    var requestCookie = context.Request.Cookies[tokenCookieName];

    CsrfData cookieToken;
    if (requestCookie != null)
    {
        // Client-controlled input: nothing besides Deserialize inspects it here.
        // NOTE(review): verify that Deserialize authenticates the value and
        // fails closed on anything it cannot verify.
        cookieToken = Serializer.Deserialize(requestCookie.Value);
    }
    else
    {
        cookieToken = CsrfData.NewToken();
        var serializedCookieToken = Serializer.Serialize(cookieToken);

        // NOTE(review): the cookie is HttpOnly only; the Secure attribute is
        // not set in this method, so check that transport-level policy
        // (e.g. httpCookies requireSSL) covers it on HTTPS sites.
        var responseCookie = new HttpCookie(tokenCookieName, serializedCookieToken)
        {
            HttpOnly = true,
            Domain = domain
        };

        var hasPath = !string.IsNullOrEmpty(path);
        if (hasPath)
        {
            responseCookie.Path = path;
        }

        context.Response.Cookies.Set(responseCookie);
    }

    // Copy the cookie token, then bind the copy to the current user.
    var userName = CsrfData.GetUsername(context.User);
    var formToken = new CsrfData(cookieToken) { Username = userName };
    return Serializer.Serialize(formToken);
}
/// <summary>
/// Renders a <c>meta</c> start tag whose <c>content</c> attribute carries the
/// serialized anti-forgery form token, setting the companion cookie if needed.
/// </summary>
/// <param name="helper">HTML helper for the view being rendered.</param>
/// <param name="domain">Domain passed through to the anti-forgery cookie.</param>
/// <param name="path">Path passed through to the anti-forgery cookie.</param>
/// <returns>The rendered meta tag as an <see cref="MvcHtmlString"/>.</returns>
public static MvcHtmlString CsrfToken(this HtmlHelper helper, string domain, string path)
{
    // Obtains the form token; this call may also add the cookie to the response.
    var tokenValue = helper.GetAntiForgeryTokenAndSetCookie(domain, path);

    // The field name is requested with a null application path, unlike the
    // cookie name, which is derived from Request.ApplicationPath.
    var metaName = CsrfData.GetAntiForgeryTokenName(null);

    // NOTE(review): a token exposed in a meta tag is readable by every script
    // running in the page, presumably so client code can attach it to
    // requests; confirm that is the intended consumer.
    var metaTag = new TagBuilder("meta");
    metaTag.Attributes["name"] = metaName;
    metaTag.Attributes["content"] = tokenValue;

    var markup = metaTag.ToString(TagRenderMode.StartTag);
    return MvcHtmlString.Create(markup);
}
/// <summary>
/// Copy constructor: creates a token carrying the same CreationDate, Salt,
/// Username and Value as <paramref name="token"/>.
/// </summary>
/// <param name="token">Token to copy from; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
public CsrfData(CsrfData token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Field-by-field copy; callers typically override Username afterwards
    // when deriving a form token from a cookie token.
    this.CreationDate = token.CreationDate;
    this.Salt = token.Salt;
    this.Username = token.Username;
    this.Value = token.Value;
}
/// <summary>
/// Serializes a token by passing its Salt, Value, CreationDate and Username,
/// in that order, to <c>Formatter</c>.
/// </summary>
/// <param name="token">Token to serialize; must not be null.</param>
/// <returns>The string produced by <c>Formatter.Serialize</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
public virtual string Serialize(CsrfData token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Element order is part of the wire format and must match what the
    // deserializer reads back.
    // NOTE(review): Formatter is not visible here; confirm its output is
    // integrity-protected (MAC or encryption), since the same string later
    // returns from the client as a cookie or form value.
    return Formatter.Serialize(new object[]
    {
        token.Salt,
        token.Value,
        token.CreationDate,
        token.Username
    });
}
/// <summary>
/// Converts a token to its string form: the fields Salt, Value, CreationDate
/// and Username are packed into an object array and given to <c>Formatter</c>.
/// </summary>
/// <param name="token">Token to serialize; must not be null.</param>
/// <returns>The serialized representation returned by <c>Formatter</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
public virtual string Serialize(CsrfData token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Keep this ordering stable: Salt, Value, CreationDate, Username.
    object[] fields = { token.Salt, token.Value, token.CreationDate, token.Username };

    // NOTE(review): whether the result is tamper-evident depends entirely on
    // Formatter, which is defined elsewhere; verify it signs or encrypts
    // the payload before this value is trusted on the way back in.
    return Formatter.Serialize(fields);
}
/// <summary>
/// Checks that the form token's Salt equals this instance's Salt using an
/// ordinal (case-sensitive, culture-independent) comparison.
/// </summary>
/// <param name="token">Form token to check; dereferenced without a null check.</param>
/// <returns><c>true</c> when both Salt values are equal; otherwise <c>false</c>.</returns>
private bool ValidateFormToken(CsrfData token)
{
    // NOTE(review): only Salt is compared here. Confirm the caller also
    // matches the token Value against the cookie and checks Username,
    // because this method alone does not tie the form to the cookie.
    var expectedSalt = Salt;
    var submittedSalt = token.Salt;
    return string.Equals(expectedSalt, submittedSalt, StringComparison.Ordinal);
}