利用ASP.NET的machineKey加密我自己的数据 [英] Leveraging ASP.NET machineKey For Encrypting My Own Data
问题描述
我有一些数据,我想在ASP.NET MVC应用程序,以prevent用户篡改数据加密。我可以使用加密类来完成实际的加密/解密,没问题的。主要的问题是搞清楚在哪里存储加密密钥和管理更改。
I have some data I want to encrypt in an ASP.NET MVC application to prevent users from tampering with it. I can use the Cryptography classes to do the actual encryption/decryption, no problem there. The main problem is figuring out where to store the encryption key and managing changes to it.
由于ASP.NET已经保持对各种事物的machineKey(ViewData的加密等),我在想,如果有这让我加密/使用的machineKey解密自己数据的任何ASP.NET的功能呢?这样,我就不会去制定自己的密钥管理系统。
Since ASP.NET already maintains a machineKey for various things (ViewData encryption, etc), I was wondering if there were any ASP.NET functions which let me encrypt/decrypt my own data using the machineKey? This way I would not have to devise my own key management system.
推荐答案
新的在ASP.NET 4.0的machineKey 类不正是你想要的。
The new MachineKey class in ASP.NET 4.0 does exactly what you want.
例如:
public static class StringEncryptor {
public static string Encrypt(string plaintextValue) {
var plaintextBytes = Encoding.UTF8.GetBytes(plaintextValue);
return MachineKey.Encode(plaintextBytes, MachineKeyProtection.All);
}
public static string Decrypt(string encryptedValue) {
try {
var decryptedBytes = MachineKey.Decode(encryptedValue, MachineKeyProtection.All);
return Encoding.UTF8.GetString(decryptedBytes);
}
catch {
return null;
}
}
}
更新:正如<一个href="http://blogs.msdn.com/b/webdev/archive/2012/10/22/cryptographic-improvements-in-asp-net-4-5-pt-1.aspx">here,小心你如何使用,或者你可以让别人伪造一个窗体身份验证令牌。
UPDATE: As mentioned here, be careful how you use this or you could allow someone to forge a forms authentication token.
这篇关于利用ASP.NET的machineKey加密我自己的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!