author | Microsoft <aspnet@microsoft.com> | 2012-05-14 19:13:11 -0700 |
---|---|---|
committer | Microsoft <aspnet@microsoft.com> | 2012-05-14 19:13:11 -0700 |
commit | e29028dc6d11e1254b0c992c9872c00729001ed9 (patch) | |
tree | eb4c8f3e5a53e2b16334b83c9cf6753e26e99737 /src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs | |
parent | ff176fc2fe8934fc8ff2b06f53b8d37ddec5ac27 (diff) | |
Make changes to fix Style cop issues.
Diffstat (limited to 'src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs')
-rw-r--r-- | src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs b/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs
index b18ee50..8327042 100644
--- a/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs
+++ b/src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs
@@ -27,6 +27,10 @@ namespace DotNetOpenAuth.AspNet {
 /// The query string name for session id.
 /// </summary>
 private const string SessionIdQueryStringName = "__sid__";
+
+ /// <summary>
+ /// The cookie name for session id.
+ /// </summary>
 private const string SessionIdCookieName = "__csid__";
 /// <summary>
@@ -192,7 +196,7 @@ namespace DotNetOpenAuth.AspNet {
 /// </returns>
 public AuthenticationResult VerifyAuthentication(string returnUrl) {
 // check for XSRF attack
- bool successful = ValidateRequestAgainstXsrfAttack();
+ bool successful = this.ValidateRequestAgainstXsrfAttack();
 if (!successful) {
 return new AuthenticationResult(
 isSuccessful: false,
@@ -241,6 +245,10 @@ namespace DotNetOpenAuth.AspNet {
 }
 }
+ /// <summary>
+ /// Validates the request against XSRF attack.
+ /// </summary>
+ /// <returns><c>true</c> if the request is safe. Otherwise, <c>false</c>.</returns>
 private bool ValidateRequestAgainstXsrfAttack() {
 // get the session id query string parameter
 string queryStringSessionId = this.requestContext.Request.QueryString[SessionIdQueryStringName];
@@ -248,7 +256,7 @@ namespace DotNetOpenAuth.AspNet {
 // get the cookie id query string parameter
 var cookie = this.requestContext.Request.Cookies[SessionIdCookieName];
- bool successful = !String.IsNullOrEmpty(queryStringSessionId) &&
+ bool successful = !string.IsNullOrEmpty(queryStringSessionId) &&
 cookie != null &&
 queryStringSessionId == cookie.Value; |
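Review bot: The summary added to `ValidateRequestAgainstXsrfAttack` in the third hunk says only that the request is "safe", which does not tell a maintainer what is actually checked. From the lines visible here and in the following hunk, the result is true only when the `__sid__` query-string value is non-empty, the `__csid__` cookie exists, and the two values are equal. I would word the summary as `/// Checks that the session id in the query string matches the session id cookie.` and the returns text as `<c>true</c> if both values are present and equal. Otherwise, <c>false</c>.` A remarks line noting that the check relies on the cookie value being unguessable and set only by this site would also help; how the cookie is issued is not visible in this diff. The method body continues outside the hunk.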
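Review bot: The context comment `// get the cookie id query string parameter` in the last hunk is wrong, because the line below it reads `Request.Cookies[SessionIdCookieName]`, not a query-string parameter; `// get the session id cookie` would match the code. On the changed expression, `queryStringSessionId == cookie.Value` is an ordinary early-exit string equality on the anti-XSRF value. That is acceptable for a plain double-submit check, but if this value is ever treated as a secret, a comparison whose duration does not depend on where the strings differ would be the safer form. Whether timing is observable by a remote party cannot be judged from these lines. The rest of the method lies outside the hunk.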