基本上我想要它,所以我可以为自己写一个加密/ MACed的cookie,就像ASP.NET表单身份验证提供程序.
有没有人有任何指点或想法?
解决方法
在当前的4.5框架中进行了一些挖掘之后,证明自动生成的密钥存储在HttpApplication.s_autogenKeys字节数组中.验证密钥是前64个字节,后跟24个字节的解密密钥.
如果您没有在4.5框架中选择加入新的加密内容,也就是说,您没有设置< httpRuntime targetFramework =“4.5”>在你的web.config(如果你有一个应用程序,你创建与以前的版本的框架的情况),那么你得到这样的键:
byte[] autogenKeys = (byte[])typeof(HttpRuntime).GetField("s_autogenKeys",BindingFlags.NonPublic | BindingFlags.Static).GetValue(null);
int validationKeySize = 64;
int decryptionKeySize = 24;
byte[] validationKey = new byte[validationKeySize];
byte[] decryptionKey = new byte[decryptionKeySize];
Buffer.BlockCopy(autogenKeys,validationKey,validationKeySize);
Buffer.BlockCopy(autogenKeys,validationKeySize,decryptionKey,decryptionKeySize);
// This is the IsolateApps bit,which is set for both keys
int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(HttpRuntime.AppDomainAppVirtualPath);
validationKey[0] = (byte)(pathHash & 0xff);
validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);
decryptionKey[0] = (byte)(pathHash & 0xff);
decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);
两个键的默认值为AutoGenerate,IsolateApps; IsolateApps位要求将应用程序路径哈希的前四个字节复制到键的开头.
如果您选择加入cryptographic improvements in fx4.5,那么您必须挖掘MachineKeyMasterKeyProvider获得有效的密钥.
获取没有HttpApplication的密钥
HttpApplication通过从SetAutogenKeys()调用webengine4.dll中的本机方法获取其关键字.我们也可以自己调用DLL.我们需要知道的是我们的应用路径.
假设我们要获取根应用程序的自动生成的键“/”.
使用LinqPad
[DllImport(@"C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll")]
internal static extern int EcbCallISAPI(IntPtr pECB,int iFunction,byte[] bufferIn,int sizeIn,byte[] bufferOut,int sizeOut);
void Main()
{
string appPath = "/";
byte[] genKeys = new byte[1024];
byte[] autogenKeys = new byte[1024];
int res = EcbCallISAPI(IntPtr.Zero,4,genKeys,genKeys.Length,autogenKeys,autogenKeys.Length);
if (res == 1) {
// Same as above
int validationKeySize = 64;
int decryptionKeySize = 24;
byte[] validationKey = new byte[validationKeySize];
byte[] decryptionKey = new byte[decryptionKeySize];
Buffer.BlockCopy(autogenKeys,decryptionKeySize);
int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appPath);
validationKey[0] = (byte)(pathHash & 0xff);
validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);
decryptionKey[0] = (byte)(pathHash & 0xff);
decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);
Console.WriteLine("DecryptionKey: {0}",decryptionKey.Aggregate(new StringBuilder(),(acc,c) => acc.AppendFormat("{0:x2}",c),acc => acc.ToString()));
Console.WriteLine("ValidationKey: {0}",validationKey.Aggregate(new StringBuilder(),acc => acc.ToString()));
}
}
从MachineKeyMasterKeyProvider获取密钥
通过使用internal constructor实例化MachineKeyMasterKeyProvider,然后传入如上面代码中获取的autogenKeys字节数组,可以访问新的fx4.5内容的键.提供程序具有GetEncryptionKey和GetValidationKey方法来获取实际的键.
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
