ASP.NET的machineKey配置节的默认位置 [英] ASP.NET machineKey config section default location
问题描述
在哪里可以找到ASP.NET的的machineKey 配置节?
Where do I find the machineKey config section for ASP.NET?
我还没有一个在我的应用程序的Web.config ,没有一个根的Web.config ,并没有一个在我的的machine.config 。
I don't have one in my application Web.config, there isn't one in the root Web.config and there isn't one in my machine.config.
这是否意味着有一些其他的默认硬coded到ASP.NET?如果是这样,什么是默认?(对于.NET 2和4)
Does this mean there is some other default hardcoded into ASP.NET? If so, what are the defaults? (For .NET 2 and 4)
读到这里:<一href=\"http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx\">http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
我期待找到这样的事情,地方:
i was expecting to find something like this, somewhere:
<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
/>
编辑: 1.1的文档似乎相当明确WRT的默认值:<一个href=\"http://msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx\">http://msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx但4文档是比较模糊的<一个href=\"http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx\">http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
the 1.1 docs seem fairly clear wrt default values: http://msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx but the 4 docs are rather ambiguous http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
推荐答案
的machineKey 在的System.Web 位于在输入的web.config
漱口的web.config架构 MSDN链接。
Refer MSDN link for web.config Schema.
如果你没有看到它在你的web.config,你可以再补充它。
If you dont see it in your web.config, you can just add it there.
要提供防篡改的ViewState,散列消息认证code(HMAC)从ViewState的内容产生和散列上后续请求进行比较。 的验证属性指示要使用的哈希算法,它默认为SHA1,它使用HMACSHA1算法。作为哈希有效的选择包括SHA1或MD5,虽然SHA1是preferable,因为它产生一个更大的哈希,被认为是加密比MD5强。的结合使用与ViewState的内容以产生HMAC validationKey属性。如果你的应用程序安装在Web场中,您需要从自动生成,IsolateApps的的validationKey更改为特定的手动生成的键值。
To provide tamper proof ViewState, a hashed message authentication code (HMAC) is generated from the ViewState content and the hash is compared on subsequent requests. The validation attribute of the indicates which hashing algorithm to use, and it defaults to SHA1, which uses the HMACSHA1 algorithm. Valid choices for hashing include SHA1 or MD5, although SHA1 is preferable because it produces a larger hash and is considered cryptographically stronger than MD5. The validationKey attribute of is used in conjunction with the ViewState content to produce the HMAC. If your application is installed in a Web farm, you need to change the validationKey from AutoGenerate,IsolateApps to a specific manually generated key value.
为&LT的默认设置;网页&GT; 和&LT;的machineKey&GT; 元素中定义在机器级web.config.comments 文件。
The default settings for the <pages> and <machineKey> elements are defined in the machine-level web.config.comments file.
有关的machineKey,他们是
For machineKey, they are
<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
validation="SHA1" decryption="Auto" />
编辑:
对于.NET 4.0的默认算法已经改变以 SHA256
我认为找到违约的最简单的方法就是看这个配置值在MSDN中的条目。
EDIT : For .NET 4.0 the default algorithm has been changed to SHA256 I think that the easiest way of finding the defaults is to see the entry in the MSDN for this config value.
MSDN 4.0的machineKey是如下。选择的值是缺省值。
在[]中的值是该字段可以采取其他可选值。
我记得读某处,这是MSDN中的典型方式表示的配置值默认值。
MSDN 4.0 for machinekey is as below. The values selected are the default values. The values in [] are the other optional values that the field can take. I remember reading someplace this is the typical way in MSDN of denoting defaults for the config values.
<machineKey
validationKey="AutoGenerate,IsolateApps" [String]
decryptionKey="AutoGenerate,IsolateApps" [String]
validation="HMACSHA256" [SHA1 | MD5 | 3DES | AES | HMACSHA256 |
HMACSHA384 | HMACSHA512 | alg:algorithm_name]
decryption="Auto" [Auto | DES | 3DES | AES | alg:algorithm_name]
/>
这篇关于ASP.NET的machineKey配置节的默认位置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
