基本上我想要它,所以我可以为自己写一个加密/ MACed的cookie,就像ASP.NET表单身份验证提供程序.
有没有人有任何指点或想法?
解决方法
在当前的4.5框架中进行了一些挖掘之后,证明自动生成的密钥存储在HttpApplication.s_autogenKeys字节数组中.验证密钥是前64个字节,后跟24个字节的解密密钥.
如果您没有在4.5框架中选择加入新的加密内容,也就是说,您没有设置< httpRuntime targetFramework =“4.5”>在你的web.config(如果你有一个应用程序,你创建与以前的版本的框架的情况),那么你得到这样的键:
byte[] autogenKeys = (byte[])typeof(HttpRuntime).GetField("s_autogenKeys",BindingFlags.NonPublic | BindingFlags.Static).GetValue(null); int validationKeySize = 64; int decryptionKeySize = 24; byte[] validationKey = new byte[validationKeySize]; byte[] decryptionKey = new byte[decryptionKeySize]; Buffer.BlockCopy(autogenKeys,validationKey,validationKeySize); Buffer.BlockCopy(autogenKeys,validationKeySize,decryptionKey,decryptionKeySize); // This is the IsolateApps bit,which is set for both keys int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(HttpRuntime.AppDomainAppVirtualPath); validationKey[0] = (byte)(pathHash & 0xff); validationKey[1] = (byte)((pathHash & 0xff00) >> 8); validationKey[2] = (byte)((pathHash & 0xff0000) >> 16); validationKey[3] = (byte)((pathHash & 0xff000000) >> 24); decryptionKey[0] = (byte)(pathHash & 0xff); decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8); decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16); decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);
两个键的默认值为AutoGenerate,IsolateApps; IsolateApps位要求将应用程序路径哈希的前四个字节复制到键的开头.
如果您选择加入cryptographic improvements in fx4.5,那么您必须挖掘MachineKeyMasterKeyProvider获得有效的密钥.
获取没有HttpApplication的密钥
HttpApplication通过从SetAutogenKeys()
调用webengine4.dll中的本机方法获取其关键字.我们也可以自己调用DLL.我们需要知道的是我们的应用路径.
假设我们要获取根应用程序的自动生成的键“/”.
使用LinqPad
[DllImport(@"C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll")] internal static extern int EcbCallISAPI(IntPtr pECB,int iFunction,byte[] bufferIn,int sizeIn,byte[] bufferOut,int sizeOut); void Main() { string appPath = "/"; byte[] genKeys = new byte[1024]; byte[] autogenKeys = new byte[1024]; int res = EcbCallISAPI(IntPtr.Zero,4,genKeys,genKeys.Length,autogenKeys,autogenKeys.Length); if (res == 1) { // Same as above int validationKeySize = 64; int decryptionKeySize = 24; byte[] validationKey = new byte[validationKeySize]; byte[] decryptionKey = new byte[decryptionKeySize]; Buffer.BlockCopy(autogenKeys,decryptionKeySize); int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appPath); validationKey[0] = (byte)(pathHash & 0xff); validationKey[1] = (byte)((pathHash & 0xff00) >> 8); validationKey[2] = (byte)((pathHash & 0xff0000) >> 16); validationKey[3] = (byte)((pathHash & 0xff000000) >> 24); decryptionKey[0] = (byte)(pathHash & 0xff); decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8); decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16); decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24); Console.WriteLine("DecryptionKey: {0}",decryptionKey.Aggregate(new StringBuilder(),(acc,c) => acc.AppendFormat("{0:x2}",c),acc => acc.ToString())); Console.WriteLine("ValidationKey: {0}",validationKey.Aggregate(new StringBuilder(),acc => acc.ToString())); } }
从MachineKeyMasterKeyProvider获取密钥
通过使用internal constructor实例化MachineKeyMasterKeyProvider,然后传入如上面代码中获取的autogenKeys字节数组,可以访问新的fx4.5内容的键.提供程序具有GetEncryptionKey和GetValidationKey方法来获取实际的键.
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。