Getting the current ASP.NET machine key
Question
I find myself wanting to get the ASP.NET machine key for the current application. This is, of course, easy if a machine key is specified in the configuration file, but if it's set to auto generate then there doesn't seem to be a public method anywhere to get it.
Basically I want at it so I can write an encrypted/MACed cookie for myself, just like the ASP.NET Forms Authentication provider does.
Does anyone have any pointers or ideas?
Recommended answer
Mr. Curious was curious about getting the machine key as well. The properties on the MachineKeySection are no good, as they get zeroed-out after initialization, which happens before you can read them with reflection.
After a bit of digging in the current 4.5 framework, it turns out that the auto generated keys are stored in the HttpApplication.s_autogenKeys byte array. The validation key is the first 64 bytes, followed by 24 bytes of the decryption key.
If you are not opting in to the new crypto stuff in the 4.5 framework, that is, you didn't set <httpRuntime targetFramework="4.5"> in your web.config (which is the case if you have an app you created with a previous version of the framework), then you get to the keys like this:
    // Requires: using System; using System.Reflection; using System.Web;
    // Read the private static buffer that holds the auto-generated key material.
    byte[] autogenKeys = (byte[])typeof(HttpRuntime).GetField("s_autogenKeys", BindingFlags.NonPublic | BindingFlags.Static).GetValue(null);

    // Layout: 64 bytes of validation key followed by 24 bytes of decryption key.
    int validationKeySize = 64;
    int decryptionKeySize = 24;

    byte[] validationKey = new byte[validationKeySize];
    byte[] decryptionKey = new byte[decryptionKeySize];

    Buffer.BlockCopy(autogenKeys, 0, validationKey, 0, validationKeySize);
    Buffer.BlockCopy(autogenKeys, validationKeySize, decryptionKey, 0, decryptionKeySize);

    // This is the IsolateApps bit, which is set for both keys
    int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(HttpRuntime.AppDomainAppVirtualPath);

    // Overwrite the first four bytes of each key with the path hash, low byte first.
    validationKey[0] = (byte)(pathHash & 0xff);
    validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
    validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
    validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);

    decryptionKey[0] = (byte)(pathHash & 0xff);
    decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
    decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
    decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);
The default for both keys is AutoGenerate,IsolateApps; the IsolateApps bit requires that you copy the first four bytes of the application path hash to the beginning of the key.
If you opted in to the cryptographic improvements in fx4.5 (http://blogs.msdn.com/b/webdev/archive/2012/10/23/cryptographic-improvements-in-asp-net-4-5-pt-2.aspx), then you'll have to dig around the MachineKeyMasterKeyProvider (http://referencesource.microsoft.com/#System.Web/Security/Cryptography/MachineKeyMasterKeyProvider.cs) to get the valid keys.
The HttpApplication gets its keys by calling into a native method in webengine4.dll from SetAutogenKeys(). We can call into the DLL ourselves as well. All we need to know is our application path.
Let's say that we want to get the auto generated keys for the root application, "/".
Using LinqPad:
    // Needs the System.Runtime.InteropServices, System.Linq and System.Text namespaces.
    [DllImport(@"C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll")]
    internal static extern int EcbCallISAPI(IntPtr pECB, int iFunction, byte[] bufferIn, int sizeIn, byte[] bufferOut, int sizeOut);

    void Main()
    {
        string appPath = "/";
        byte[] genKeys = new byte[1024];      // input buffer handed to the native call
        byte[] autogenKeys = new byte[1024];  // output buffer that receives the keys

        // 4 is the function code this answer passes to ask for the auto-generated keys.
        int res = EcbCallISAPI(IntPtr.Zero, 4, genKeys, genKeys.Length, autogenKeys, autogenKeys.Length);

        if (res == 1) {
            // Same as above
            int validationKeySize = 64;
            int decryptionKeySize = 24;

            byte[] validationKey = new byte[validationKeySize];
            byte[] decryptionKey = new byte[decryptionKeySize];

            Buffer.BlockCopy(autogenKeys, 0, validationKey, 0, validationKeySize);
            Buffer.BlockCopy(autogenKeys, validationKeySize, decryptionKey, 0, decryptionKeySize);

            // IsolateApps: the hash of the application path replaces the first four bytes.
            int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appPath);

            validationKey[0] = (byte)(pathHash & 0xff);
            validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
            validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
            validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);

            decryptionKey[0] = (byte)(pathHash & 0xff);
            decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
            decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
            decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);

            // Print both keys as lowercase hex.
            Console.WriteLine("DecryptionKey: {0}", decryptionKey.Aggregate(new StringBuilder(), (acc, c) => acc.AppendFormat("{0:x2}", c), acc => acc.ToString()));
            Console.WriteLine("ValidationKey: {0}", validationKey.Aggregate(new StringBuilder(), (acc, c) => acc.AppendFormat("{0:x2}", c), acc => acc.ToString()));
        }
    }
Getting the keys from MachineKeyMasterKeyProvider
The keys for the new fx4.5 stuff are accessible by instantiating the MachineKeyMasterKeyProvider with the internal constructor (http://referencesource.microsoft.com/#System.Web/Security/Cryptography/MachineKeyMasterKeyProvider.cs,36), and then passing in the autogenKeys byte array obtained as in the code above. The provider has methods GetEncryptionKey and GetValidationKey to get to the actual keys.
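For the goal stated in the question (an encrypted and MACed cookie), the public System.Web.Security.MachineKey.Protect/Unprotect API, available from .NET 4.5, uses the application's machine key without the code ever reading it. This is an added example, not code from the question or the answer; the ProtectedCookie class and the purpose string are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

public static class ProtectedCookie
{
    // Hypothetical purpose string. A payload protected under one purpose
    // cannot be unprotected under another, so a value minted for this cookie
    // is rejected if replayed into a different feature.
    private const string Purpose = "ExampleApp.ProtectedCookie.v1";

    public static void Write(HttpResponseBase response, string name, string value)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(value);
        // Encrypts and MACs with keys derived from the configured or
        // auto-generated machine key; the cookie name is a second purpose.
        byte[] protectedBytes = MachineKey.Protect(plaintext, Purpose, name);

        var cookie = new HttpCookie(name, HttpServerUtility.UrlTokenEncode(protectedBytes))
        {
            HttpOnly = true, // not readable from script
            Secure = true    // sent over HTTPS only
        };
        response.Cookies.Add(cookie);
    }

    public static bool TryRead(HttpRequestBase request, string name, out string value)
    {
        value = null;
        HttpCookie cookie = request.Cookies[name];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return false;

        try
        {
            byte[] protectedBytes = HttpServerUtility.UrlTokenDecode(cookie.Value);
            if (protectedBytes == null) return false;

            // Throws CryptographicException when the MAC does not verify.
            byte[] plaintext = MachineKey.Unprotect(protectedBytes, Purpose, name);
            if (plaintext == null) return false;

            value = Encoding.UTF8.GetString(plaintext);
            return true;
        }
        catch (CryptographicException) { return false; } // tampered or wrong key
        catch (FormatException) { return false; }        // not valid URL-token text
    }
}
```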