在 ASP.NET 中加密 cookie [英] Encrypt cookies in ASP.NET

问题描述

我想在 ASP.NET 中加密 cookie.

I would like to encrypt cookies in ASP.NET.

我遵循了本文中的方法，但它有缺点是在内部方法上使用反射.这导致它在代码审查中被标记——它不是面向未来的，因为内部实现可能会改变.

I have followed the method in this article, but it has the drawback that is uses reflection on an internal method. This has caused it to be flagged in a code review -- it is not future-proof as the internal implementation may change.

是否有一种功能相同且不需要对内部方法使用加密的方法?

Is there a method with identical functionality which doesn't require using encryption on internal methods?

我使用的是 .NET Framework 3.5 SP1(假设我无法更改框架版本)

I am using .NET Framework 3.5 SP1 (Assume I cannot change framework versions)

推荐答案

为什么不直接使用 在 System.Security.Cryptography 中找到的加密方法用于在敏感时加密和解密 cookie 名称和值?您可以编写一些实用函数来轻松管理它.实用函数示例:

Why not just use the encryption found in System.Security.Cryptography to encrypt and decrypt the cookie name and value when it's sensitive? You can write some utility functions to manage it pretty easily. Example utility functions:

private static void SetEncryptedCookie(string name, string value)
{
    var encryptName = SomeEncryptionMethod(name);
    Response.Cookies[encryptName].Value = SomeEncryptionMethod(value);
    //set other cookie properties here, expiry &c.
    //Response.Cookies[encryptName].Expires = ...
}

private static string GetEncryptedCookie(string name)
{
    //you'll want some checks/exception handling around this
    return SomeDecryptionMethod(
               Response.Cookies[SomeDecryptionMethod(name)].Value);
}

这篇关于在 ASP.NET 中加密 cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！