Responding to comments : var changes

Author: harshgMSFT

src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs

@@ -35,7 +35,8 @@ public AntiForgery([NotNull] IClaimUidExtractor claimUidExtractor,
         /// <returns>An HTML string corresponding to an &lt;input type="hidden"&gt;
         /// element. This element should be put inside a &lt;form&gt;.</returns>
         /// <remarks>
-        /// This method has a side effect: A response cookie is set if there is no valid cookie associated with the request.
+        /// This method has a side effect: 
+        /// A response cookie is set if there is no valid cookie associated with the request.
         /// </remarks>
         public HtmlString GetHtml([NotNull] HttpContext context)
         {

src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenSerializer.cs

@@ -19,6 +19,7 @@ internal AntiForgeryTokenSerializer([NotNull] IDataProtector cryptoSystem)
 
         public AntiForgeryToken Deserialize(string serializedToken)
         {
+            Exception innerException = null;
             try
             {
                 using (MemoryStream stream = new MemoryStream(UrlTokenDecode(serializedToken)))
@@ -33,13 +34,14 @@ public AntiForgeryToken Deserialize(string serializedToken)
                     }
                 }
             }
-            catch
+            catch(Exception ex)
             {
                 // swallow all exceptions - homogenize error if something went wrong
+                innerException = ex;
             }
 
             // if we reached this point, something went wrong deserializing
-            throw new InvalidOperationException(Resources.AntiForgeryToken_DeserializationFailed);
+            throw new InvalidOperationException(Resources.AntiForgeryToken_DeserializationFailed, innerException);
         }
 
         /* The serialized format of the anti-XSRF token is as follows:
@@ -57,14 +59,14 @@ public AntiForgeryToken Deserialize(string serializedToken)
         private static AntiForgeryToken DeserializeImpl(BinaryReader reader)
         {
             // we can only consume tokens of the same serialized version that we generate
-            byte embeddedVersion = reader.ReadByte();
+            var embeddedVersion = reader.ReadByte();
             if (embeddedVersion != TokenVersion)
             {
                 return null;
             }
 
-            AntiForgeryToken deserializedToken = new AntiForgeryToken();
-            byte[] securityTokenBytes = reader.ReadBytes(AntiForgeryToken.SecurityTokenBitLength / 8);
+            var deserializedToken = new AntiForgeryToken();
+            var securityTokenBytes = reader.ReadBytes(AntiForgeryToken.SecurityTokenBitLength / 8);
             deserializedToken.SecurityToken = new BinaryBlob(AntiForgeryToken.SecurityTokenBitLength, securityTokenBytes);
             deserializedToken.IsSessionToken = reader.ReadBoolean();
 
@@ -73,7 +75,7 @@ private static AntiForgeryToken DeserializeImpl(BinaryReader reader)
                 bool isClaimsBased = reader.ReadBoolean();
                 if (isClaimsBased)
                 {
-                    byte[] claimUidBytes = reader.ReadBytes(AntiForgeryToken.ClaimUidBitLength / 8);
+                    var claimUidBytes = reader.ReadBytes(AntiForgeryToken.ClaimUidBitLength / 8);
                     deserializedToken.ClaimUid = new BinaryBlob(AntiForgeryToken.ClaimUidBitLength, claimUidBytes);
                 }
                 else
@@ -96,9 +98,9 @@ private static AntiForgeryToken DeserializeImpl(BinaryReader reader)
 
         public string Serialize([NotNull] AntiForgeryToken token)
         {
-            using (MemoryStream stream = new MemoryStream())
+            using (var stream = new MemoryStream())
             {
-                using (BinaryWriter writer = new BinaryWriter(stream))
+                using (var writer = new BinaryWriter(stream))
                 {
                     writer.Write(TokenVersion);
                     writer.Write(token.SecurityToken.GetData());

src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryTokenStore.cs

@@ -46,7 +46,7 @@ public async Task<AntiForgeryToken> GetFormTokenAsync(HttpContext httpContext)
         public void SaveCookieToken(HttpContext httpContext, AntiForgeryToken token)
         {
             string serializedToken = _serializer.Serialize(token);
-            CookieOptions options = new CookieOptions() { HttpOnly = true };
+            var options = new CookieOptions() { HttpOnly = true };
 
             // Note: don't use "newCookie.Secure = _config.RequireSSL;" since the default
             // value of newCookie.Secure is poulated out of band.

src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs

@@ -180,8 +180,8 @@ public async Task ValidateAsync([NotNull] HttpContext httpContext)
             CheckSSLConfig(httpContext);
 
             // Extract cookie & form tokens
-            AntiForgeryToken cookieToken = _tokenStore.GetCookieToken(httpContext);
-            AntiForgeryToken formToken = await _tokenStore.GetFormTokenAsync(httpContext);
+            var cookieToken = _tokenStore.GetCookieToken(httpContext);
+            var formToken = await _tokenStore.GetFormTokenAsync(httpContext);
 
             // Validate
             _validator.ValidateTokens(httpContext, ExtractIdentity(httpContext), cookieToken, formToken);
@@ -195,8 +195,8 @@ public void Validate([NotNull] HttpContext httpContext, string cookieToken, stri
             CheckSSLConfig(httpContext);
 
             // Extract cookie & form tokens
-            AntiForgeryToken deserializedCookieToken = DeserializeToken(cookieToken);
-            AntiForgeryToken deserializedFormToken = DeserializeToken(formToken);
+            var deserializedCookieToken = DeserializeToken(cookieToken);
+            var deserializedFormToken = DeserializeToken(formToken);
 
             // Validate
             _validator.ValidateTokens(httpContext, ExtractIdentity(httpContext), deserializedCookieToken, deserializedFormToken);

src/Microsoft.AspNet.Mvc.Core/AntiForgery/DefaultClaimUidExtractor.cs

@@ -53,9 +53,9 @@ private static IEnumerable<string> GetUniqueIdentifierParameters(ClaimsIdentity
 
         private static byte[] ComputeSHA256(IEnumerable<string> parameters)
         {
-            using (MemoryStream ms = new MemoryStream())
+            using (var ms = new MemoryStream())
             {
-                using (BinaryWriter bw = new BinaryWriter(ms))
+                using (var bw = new BinaryWriter(ms))
                 {
                     foreach (string parameter in parameters)
                     {
@@ -64,7 +64,7 @@ private static byte[] ComputeSHA256(IEnumerable<string> parameters)
 
                     bw.Flush();
 
-                    using (SHA256 sha256 = SHA256.Create())
+                    using (var sha256 = SHA256.Create())
                     {
                         byte[] retVal = sha256.ComputeHash(ms.ToArray(), 0, checked((int)ms.Length));
                         return retVal;

src/Microsoft.AspNet.Mvc.Core/AntiForgery/TokenProvider.cs

@@ -37,7 +37,7 @@ public AntiForgeryToken GenerateFormToken(HttpContext httpContext,
         {
             Contract.Assert(IsCookieTokenValid(cookieToken));
 
-            AntiForgeryToken formToken = new AntiForgeryToken()
+            var formToken = new AntiForgeryToken()
             {
                 SecurityToken = cookieToken.SecurityToken,
                 IsSessionToken = false