Diffstat (limited to 'samples/TestAzureAD/Site.Master.cs')
-rw-r--r-- | samples/TestAzureAD/Site.Master.cs | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/samples/TestAzureAD/Site.Master.cs b/samples/TestAzureAD/Site.Master.cs
deleted file mode 100644
index f0e6e6e..0000000
--- a/samples/TestAzureAD/Site.Master.cs
+++ /dev/null
@@ -1,73 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Web;
-using System.Web.Security;
-using System.Web.UI;
-using System.Web.UI.WebControls;
-
-namespace TestAzureAD
-{
- public partial class SiteMaster : MasterPage
- {
- private const string AntiXsrfTokenKey = "__AntiXsrfToken";
- private const string AntiXsrfUserNameKey = "__AntiXsrfUserName";
- private string _antiXsrfTokenValue;
-
- protected void Page_Init(object sender, EventArgs e)
- {
- // The code below helps to protect against XSRF attacks
- var requestCookie = Request.Cookies[AntiXsrfTokenKey];
- Guid requestCookieGuidValue;
- if (requestCookie != null && Guid.TryParse(requestCookie.Value, out requestCookieGuidValue))
- {
- // Use the Anti-XSRF token from the cookie
- _antiXsrfTokenValue = requestCookie.Value;
- Page.ViewStateUserKey = _antiXsrfTokenValue;
- }
- else
- {
- // Generate a new Anti-XSRF token and save to the cookie
- _antiXsrfTokenValue = Guid.NewGuid().ToString("N");
- Page.ViewStateUserKey = _antiXsrfTokenValue;
-
- var responseCookie = new HttpCookie(AntiXsrfTokenKey)
- {
- HttpOnly = true,
- Value = _antiXsrfTokenValue
- };
- if (FormsAuthentication.RequireSSL && Request.IsSecureConnection)
- {
- responseCookie.Secure = true;
- }
- Response.Cookies.Set(responseCookie);
- }
-
- Page.PreLoad += master_Page_PreLoad;
- }
-
- protected void master_Page_PreLoad(object sender, EventArgs e)
- {
- if (!IsPostBack)
- {
- // Set Anti-XSRF token
- ViewState[AntiXsrfTokenKey] = Page.ViewStateUserKey;
- ViewState[AntiXsrfUserNameKey] = Context.User.Identity.Name ?? String.Empty;
- }
- else
- {
- // Validate the Anti-XSRF token
- if ((string)ViewState[AntiXsrfTokenKey] != _antiXsrfTokenValue
- || (string)ViewState[AntiXsrfUserNameKey] != (Context.User.Identity.Name ?? String.Empty))
- {
- throw new InvalidOperationException("Validation of Anti-XSRF token failed.");
- }
- }
- }
-
- protected void Page_Load(object sender, EventArgs e)
- {
-
- }
- }
-}
\ No newline at end of file |