1
namespace System.Web.Mvc {
3
using System.Security.Cryptography;
5
internal sealed class AntiForgeryToken {
7
private const int TokenLength = 128 / 8;
8
private static RNGCryptoServiceProvider _prng = new RNGCryptoServiceProvider();
11
private string _value;
13
public AntiForgeryToken() {
17
public AntiForgeryToken(AntiForgeryToken token) {
19
throw new ArgumentNullException("token");
22
CreationDate = token.CreationDate;
27
public DateTime CreationDate {
34
return _salt ?? String.Empty;
43
return _value ?? String.Empty;
50
private static string GenerateRandomTokenString() {
51
byte[] tokenBytes = new byte[TokenLength];
52
_prng.GetBytes(tokenBytes);
54
string token = Convert.ToBase64String(tokenBytes);
58
public static AntiForgeryToken NewToken() {
59
string tokenString = GenerateRandomTokenString();
60
return new AntiForgeryToken() {
61
CreationDate = DateTime.Now,