在ASP.NET中加密Cookie [英] Encrypt cookies in ASP.NET

问题描述

我想加密ASP.NET中的Cookie。

I would like to encrypt cookies in ASP.NET.

我遵循本文中的方法，但它的缺点是在内部方法上使用反射。这导致它在代码审查中被标记 - 这不是内在实现可能会改变的未来。

I have followed the method in this article, but it has the drawback that is uses reflection on an internal method. This has caused it to be flagged in a code review -- it is not future-proof as the internal implementation may change.

有没有相同功能的方法，不需要在内部方法上使用加密？

Is there a method with identical functionality which doesn't require using encryption on internal methods?

我是使用.NET Framework 3.5 SP1（假设我不能更改框架版本）

I am using .NET Framework 3.5 SP1 (Assume I cannot change framework versions)

推荐答案

为什么不使用在System.Security.Cryptography 中找到的加密和加密cookie名称当敏感时有价值吗？您可以编写一些实用功能来管理它很容易。示例效用函数：

Why not just use the encryption found in System.Security.Cryptography to encrypt and decrypt the cookie name and value when it's sensitive? You can write some utility functions to manage it pretty easily. Example utility functions:

private static void SetEncryptedCookie(string name, string value)
{
    var encryptName = SomeEncryptionMethod(name);
    Response.Cookies[encryptName].Value = SomeEncryptionMethod(value);
    //set other cookie properties here, expiry &c.
    //Response.Cookies[encryptName].Expires = ...
}

private static string GetEncryptedCookie(string name)
{
    //you'll want some checks/exception handling around this
    return SomeDecryptionMethod(
               Response.Cookies[SomeDecryptionMethod(name)].Value);
}

这篇关于在ASP.NET中加密Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！