CSRF クロスサイト要求偽造
// Name of the cookie that carries the CSRF token; assigned by CreateTokenName().
protected string cookieName = string.Empty;
/// <summary>
/// Creates a token.
/// </summary>
/// <returns>The token.</returns>
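/// <summary>
/// Creates a fresh CSRF token, stores it in the token cookie and returns it so the
/// caller can embed it in the form (double-submit cookie pattern).
/// </summary>
/// <returns>The encrypted token string that was written to the cookie.</returns>
protected string CreateToken()
{
    // One random value per call; the fixed suffix is kept from the original scheme.
    string gid = Guid.NewGuid().ToString() + "123546";
    // NOTE(review): DES is a legacy cipher; EncryptedString and DESKey are defined elsewhere in the file.
    string desString = EncryptedString(gid, DESKey);

    // Reuse the inbound cookie object when the browser already sent one, otherwise create it.
    // The attributes are applied once below so that both paths yield the same short-lived,
    // HttpOnly cookie (previously the "existing cookie" path never set Expires and so
    // re-issued the token as a session cookie).
    HttpCookie cookie = Request.Cookies.Get(cookieName);
    bool isNew = cookie == null;
    if (isNew)
    {
        cookie = new HttpCookie(cookieName);
    }

    cookie.Value = desString;
    cookie.Expires = DateTime.Now.AddMinutes(2); // only needs to outlive the form round-trip
    cookie.HttpOnly = true;                      // not readable from script
    cookie.Secure = Request.IsSecureConnection;  // when issued over HTTPS, never sent in clear

    if (isNew)
    {
        Response.Cookies.Add(cookie);
    }
    else
    {
        Response.Cookies.Set(cookie);
    }

    return desString;
}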
/// <summary>
/// Checks a token.
/// </summary>
/// <param name="token">The token to check.</param>
/// <returns>true if the token is valid; otherwise false.</returns>
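/// <summary>
/// Validates a submitted CSRF token against the token cookie (double-submit check).
/// </summary>
/// <param name="token">The encrypted token value submitted with the form.</param>
/// <returns>
/// true when the token cookie exists and both values decrypt to the same plaintext;
/// false when the cookie is missing or either value cannot be decrypted.
/// </returns>
protected bool CheckToken(string token)
{
    try
    {
        // NOTE(review): the cookie name comes from the request body (GetTokenName reads the
        // "TokenName" form field), so the client selects which cookie is compared. Fixing the
        // name server-side would make the check more robust; left unchanged here.
        HttpCookie cookie = Request.Cookies.Get(GetTokenName());
        if (cookie == null)
        {
            return false;
        }

        // Decrypt the cookie first, then the submitted value, as before; either may throw.
        string cookieValue = DecryptedString(cookie.Value, DESKey);
        string submitted = DecryptedString(token, DESKey);
        // string == is an ordinal comparison.
        return submitted == cookieValue;
    }
    catch (DecryptErrorException)
    {
        // Malformed or tampered ciphertext is a failed check, not an error.
        return false;
    }
    catch (SourceIsNullOrEmptyException)
    {
        // Missing token or empty cookie value is a failed check.
        return false;
    }
}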
/// <summary>
/// Generates a new random cookie name, stores it in <c>cookieName</c> and returns it.
/// </summary>
/// <returns>The newly generated cookie name.</returns>
protected string CreateTokenName()
{
    return cookieName = Guid.NewGuid().ToString();
}
/// <summary>
/// Reads the token cookie name from the "TokenName" form field of the current request.
/// </summary>
/// <returns>Whatever <c>Utils.GetFormString("TokenName")</c> returns for this request.</returns>
protected string GetTokenName() => Utils.GetFormString("TokenName");
POSTで送信されたtokenがクッキーの値と一致するかどうかを検証
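// Reject the request unless the token posted in the form matches the token cookie.
// (HttpRequest exposes the POST body as Form; "From" does not exist.)
string token = Request.Form["GUID"];
if (!this.CheckToken(token))
{
    return false;
}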