Reading cookie value : Using URL Rewrite Provider module - Unable to validate at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData


Problem description


I have a requirement to append USERNAME to the URL on the server side using the URL Rewrite module.

Why?: I have a website, site1. When a USER logs in to site1, he will see a link to site2. This link is a URL or reports (Tableau). The authenticated ticket has been created using FormsAuthentication in site1. When the USER clicks the link, the authenticated username should be passed to site2.

I could append the username from the client side, but due to security issues I have to append the username to the URL on the server side before it gets executed.

So I have decided to use a URL Rewrite provider, which grabs the username by decrypting the cookie value as shown below:

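     using System.Collections.Generic;
     using System.Web.Security;
     using Microsoft.Web.Iis.Rewrite;

     namespace PlatformAnalysisUrlProvider.PlatformAnalysisProvider
      {
       class AnalysisRewriteProvider: IRewriteProvider, IProviderDescriptor
       {
          public void Initialize(IDictionary<string, string> settings,
                                 IRewriteContext rewriteContext)
          {
             // No provider settings are used.
          }

          // Required by IProviderDescriptor; this provider exposes no settings.
          public IEnumerable<SettingDescriptor> GetSettings()
          {
             yield break;
          }

          public string Rewrite(string value)
          {
             // value is the {C:0} capture of {HTTP_COOKIE}; split it into key and value.
             string[] cookievalues = value.Split('=');
             FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookievalues[1]);

              //Decrypt throws error as shown below
             return ticket.Name;
          }
       }
      }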

Cookie Values

        cookievalues [0] =  has the key

        cookievalues [1] =  has the value 

Example:

        233AWJDKSHFHFDSHFJKDFDKJFHDKJFKDJFHDHFDHFKJHDFKJHDFJHDKJFHDSKJFHDF

It's a cookie value. But the decryption is not happening.

I am getting the following error:

        Unable to validate data.
        at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(
        Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, 
        Int32 length, IVType ivType, Boolean useValidationSymAlgo, 
        Boolean signData)

Here are my settings in IIS for URL Rewrite:

  • Requested URL: Matches the Patterns
  • Using: Regular Expression
  • Ignore Case - Checked
  • Conditions - Input : {HTTP_COOKIE} Type : Matches the Pattern Pattern : .*
  • Action Type - Rewrite
  • Rewrite URL - http://11.155.011.123{HTTP_URL}&USERNAME={PlatformAnalysisUrlProvider:{C:0}}

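I have also set up MACHINE KEY as suggested by this forum: http://stackoverflow.com/questions/4035471/sharing-authentication-between-two-web-applications

I have referred to this post for development: http://www.iis.net/learn/extensions/url-rewrite-module/developing-a-custom-rewrite-provider-for-url-rewrite-module

One of the Stack Overflow posts suggested that it might be a firewall or antivirus issue. But I do not have antivirus installed or a firewall enabled.

It would really help if someone could direct me to a code sample where the web site is hosted in IIS and a URL Rewrite provider is used.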

Updating Error Log

MODULE_SET_RESPONSE_ERROR_STATUS Notification - "PRE_BEGIN_REQUEST" HttpReason - "URL Rewrite Module Error"

Updating post with Machine Key Info

     <MachineKey Description="AES" validation="SHA1"
      descriptionKey="******"
      validationKey="******" CompatibilityMode="Framework20SP2">

Reason may be - the website where the cookie is created is developed using .NET Framework 4.5. The provider where we are reading the cookie is Framework 3.5. Could this be the cause? Or do we need a config file for the Provider project?

Update - I have added the machine key to Machine.config, but it still did not work :(

Alternative Solution

  • Add App.config to class Library

     <?xml version="1.0" encoding="utf-8" ?>
     <configuration>
     <appSettings>
     <!-- ... -->
        <add key="SecurityKey" value="somevalue"/>
     <!-- ... -->
     </appSettings>
     </configuration>
    

  • Copy the config to the GAC. Follow this blog - http://techphile.blogspot.in/2007/02/2.html

  • Encrypt the value (refer here) and create a custom cookie during login

  • Use the decryption logic inside the custom rewrite provider

Solution

The good thing about this is that the error is a general decryption error and not one with URL Rewrite itself, so that gives you a wider area to search for help. The mechanics of URL Rewrite seem to be right.

Decrypting means that it must be encrypted by the same method as you're decrypting it. So it has to be the right cookie and the right decryption method.

Since you're not checking which cookie you're reading from, you could get unexpected results if the wrong cookie is first in the list of cookies.

Here are some steps that I recommend to troubleshoot this:

  • Create a simple URL Rewrite rule that will give you the value of your cookie. I created a rule to do that in my example below. You can test it by going to yoursite.com/getcookie. It should redirect to yoursite.com/?Cookie={cookievalue}
  • Then you can test your code outside of the URL Rewrite provider. You can create a simple console app or winforms app to test the rest of the code.
  • I recommend adding a check for the existence of the cookie and then a check again for the 2nd value. For example: if (cookievalues[1] != null).
  • When developing the decryption method, you don't have to worry about URL Rewrite. As long as it works in a test app in .NET then you should be set.

<rule name="Get cookie value" stopProcessing="true">
    <match url="^getcookie" />
    <action type="Redirect" url="/?Cookie={HTTP_COOKIE}" appendQueryString="false" redirectType="Found" />
</rule>
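
The checks the answer recommends (pick the forms-authentication cookie by name instead of taking whatever follows the first `=`, confirm it exists, and test decryption in a console app outside URL Rewrite), as an added example that is not part of the original answer. `AuthCookieReader` and its methods are hypothetical names, and the example assumes the test app references System.Web and is configured with the same `<machineKey>` settings as site1.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

public static class AuthCookieReader
{
    // Returns the value of the named cookie from a raw Cookie header
    // ("a=1; b=2"), or null when that cookie is not present.
    public static string FindCookie(string cookieHeader, string name)
    {
        if (string.IsNullOrEmpty(cookieHeader)) return null;
        foreach (string pair in cookieHeader.Split(';'))
        {
            int eq = pair.IndexOf('=');   // first '=' only: values may contain '='
            if (eq <= 0) continue;
            if (string.Equals(pair.Substring(0, eq).Trim(), name, StringComparison.Ordinal))
                return pair.Substring(eq + 1).Trim();
        }
        return null;
    }

    // Returns the URL-encoded user name, or "" when the ticket is missing,
    // cannot be validated with the configured machineKey, or has expired.
    public static string UserNameFrom(string cookieHeader)
    {
        string raw = FindCookie(cookieHeader, FormsAuthentication.FormsCookieName);
        if (string.IsNullOrEmpty(raw)) return string.Empty;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(raw);
            if (ticket == null || ticket.Expired) return string.Empty;
            return Uri.EscapeDataString(ticket.Name);
        }
        catch (HttpException) { return string.Empty; }          // "Unable to validate data"
        catch (ArgumentException) { return string.Empty; }      // malformed ticket text
        catch (CryptographicException) { return string.Empty; } // key or padding mismatch
    }

    public static void Main()
    {
        // Constructed header: the ticket is not the first cookie, and its value
        // is a placeholder; paste a real header captured from a site1 test login.
        string header = "ASP.NET_SessionId=abc123; "
            + FormsAuthentication.FormsCookieName + "=<PASTE-TICKET-HEX>";
        Console.WriteLine("ticket text: " + FindCookie(header, FormsAuthentication.FormsCookieName));
        Console.WriteLine("user name:   " + UserNameFrom(header));
    }
}
```

The diagnostic redirect rule above copies the raw cookie into the query string, where it is recorded in IIS logs and browser history, so run it only against a test login and remove the rule afterwards.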
