我发现自己想要获得当前应用程序的ASP.NET机器密钥.当然,如果在配置文件中指定了机器密钥,那么这是很容易的,但是如果设置为自动生成,那么在任何地方似乎都不存在公共方法.
基本上我想要它,所以我可以为自己写一个加密/ MACed的cookie,就像ASP.NET表单身份验证提供程序.
有没有人有任何指点或想法?
解决方法
好奇先生好奇也有机器钥匙. MachineKeySection上的属性并不好,因为它们可以得到
zeroed-out after initialization,这在您可以用反射来读取之前发生.
在当前的4.5框架中进行了一些挖掘之后,证明自动生成的密钥存储在HttpApplication.s_autogenKeys字节数组中.验证密钥是前64个字节,后跟24个字节的解密密钥.
如果您没有在4.5框架中选择加入新的加密内容,也就是说,您没有设置< httpRuntime targetFramework =“4.5”>在你的web.config(如果你有一个应用程序,你创建与以前的版本的框架的情况),那么你得到这样的键:
byte[] autogenKeys = (byte[])typeof(HttpRuntime).GetField("s_autogenKeys",BindingFlags.NonPublic | BindingFlags.Static).GetValue(null);
int validationKeySize = 64;
int decryptionKeySize = 24;
byte[] validationKey = new byte[validationKeySize];
byte[] decryptionKey = new byte[decryptionKeySize];
Buffer.BlockCopy(autogenKeys,validationKey,validationKeySize);
Buffer.BlockCopy(autogenKeys,validationKeySize,decryptionKey,decryptionKeySize);
// This is the IsolateApps bit,which is set for both keys
int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(HttpRuntime.AppDomainAppVirtualPath);
validationKey[0] = (byte)(pathHash & 0xff);
validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);
decryptionKey[0] = (byte)(pathHash & 0xff);
decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);
两个键的默认值为AutoGenerate,IsolateApps; IsolateApps位要求将应用程序路径哈希的前四个字节复制到键的开头.
如果您选择加入cryptographic improvements in fx4.5,那么您必须挖掘MachineKeyMasterKeyProvider获得有效的密钥.
获取没有HttpApplication的密钥
HttpApplication通过从SetAutogenKeys()调用webengine4.dll中的本机方法获取其关键字.我们也可以自己调用DLL.我们需要知道的是我们的应用路径.
使用LinqPad
[DllImport(@"C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll")]
internal static extern int EcbCallISAPI(IntPtr pECB,int iFunction,byte[] bufferIn,int sizeIn,byte[] bufferOut,int sizeOut);
void Main()
{
string appPath = "/";
byte[] genKeys = new byte[1024];
byte[] autogenKeys = new byte[1024];
int res = EcbCallISAPI(IntPtr.Zero,4,genKeys,genKeys.Length,autogenKeys,autogenKeys.Length);
if (res == 1) {
// Same as above
int validationKeySize = 64;
int decryptionKeySize = 24;
byte[] validationKey = new byte[validationKeySize];
byte[] decryptionKey = new byte[decryptionKeySize];
Buffer.BlockCopy(autogenKeys,decryptionKeySize);
int pathHash = StringComparer.InvariantCultureIgnoreCase.GetHashCode(appPath);
validationKey[0] = (byte)(pathHash & 0xff);
validationKey[1] = (byte)((pathHash & 0xff00) >> 8);
validationKey[2] = (byte)((pathHash & 0xff0000) >> 16);
validationKey[3] = (byte)((pathHash & 0xff000000) >> 24);
decryptionKey[0] = (byte)(pathHash & 0xff);
decryptionKey[1] = (byte)((pathHash & 0xff00) >> 8);
decryptionKey[2] = (byte)((pathHash & 0xff0000) >> 16);
decryptionKey[3] = (byte)((pathHash & 0xff000000) >> 24);
Console.WriteLine("DecryptionKey: {0}",decryptionKey.Aggregate(new StringBuilder(),(acc,c) => acc.AppendFormat("{0:x2}",c),acc => acc.ToString()));
Console.WriteLine("ValidationKey: {0}",validationKey.Aggregate(new StringBuilder(),acc => acc.ToString()));
}
}
从MachineKeyMasterKeyProvider获取密钥
通过使用internal constructor实例化MachineKeyMasterKeyProvider,然后传入如上面代码中获取的autogenKeys字节数组,可以访问新的fx4.5内容的键.提供程序具有GetEncryptionKey和GetValidationKey方法来获取实际的键.
