角色cookie是如何加密的
本文关键字:加密 何加密 cookie 角色 | 更新日期: 2023-09-27 18:21:09
FormsAuthentication有一个加密和解密方法来推送和提取身份验证票证。角色有很多相同的方法,但它并没有告诉你使用了什么类型的加密,也没有告诉你如何解密。有人能告诉我正确的方向吗?我需要能够模拟一个角色Cookie进行测试。
编辑1:
这是一个我仍然存在的问题的例子。
SetLoggedInUserInHttpContext(User, Roles.GetRolesForUser(User.UserID.ToString()));
RQUserMembership member = new RQUserMembership();
QUserMembership mem = member.GetByUserAndPass(User.Username, User.Password);
FormsAuthentication.SetAuthCookie(mem.UserId.ToString(), true);
QGlobals.expireLoginProxyID();
RQLoginAttempt.LogSuccessfulAttempt(User.Username);
这是用户的设置
public static bool SetLoggedInUserInHttpContext(QUser User, string[] roles = null) {
if (HttpContext.Current != null) {
if (roles == null) {
roles = Roles.GetRolesForUser(User.UserID.ToString());
}
GenericIdentity genericIdentity = new GenericIdentity(User.UserID.ToString());
RolePrincipal genericUser = new RolePrincipal(genericIdentity); //rolesToSet
HttpContext.Current.User = genericUser;
return (User.UserID == QGlobals.GetLoggedInUserID());
} else {
return false;
}
}
我尝试获取字节[]:
HttpContext blah = HttpContext.Current;
string blah2 = HttpContext.Current.Request.Cookies[".ASPXROLES"].Value;
byte[] bytes = new byte[blah2.Length * sizeof(char)];
System.Buffer.BlockCopy(blah2.ToCharArray(), 0, bytes, 0, bytes.Length);
byte[] blah3 = MachineKey.Unprotect(bytes);
var str = System.Text.Encoding.Default.GetString(blah3);
我现在在blah3 = MachineKey.Unprotect(bytes); 上遇到错误
Error occurred during a cryptographic operation.
at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input)
at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData)
at System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider, Byte[] protectedData, String[] purposes)
at System.Web.Security.MachineKey.Unprotect(Byte[] protectedData, String[] purposes)
at Quorra.Repositories.RQUser.GetUserHomePageStats(Int32 UserID, Int32 HourInterval) in e:'Code'quorra'Quorra.Domain'Repositories'RQUser.cs:line 133
at Quorra.Admin.Controllers.HomeController.Home(Nullable`1 refreshBasketCount) in e:'Code'quorra'Quorra.Admin'Controllers'HomeController.cs:line 31
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.ActionInvocation.InvokeSynchronousActionMethod()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
at System.Web.Mvc.Async.AsyncResultWrapper.End[TResult](IAsyncResult asyncResult, Object tag)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass48.<InvokeActionMethodFilterAsynchronouslyRecursive>b__41()
任何指示都将不胜感激。
编辑2:
为了澄清,我需要能够为用户设置角色cookie,以便Roles.IsUserInRole();工作。现在,如果我传递userId,它就可以工作,因为它会转到角色提供程序并运行该方法,但为了检查登录的用户,它只测试cookie。我实际上不需要解密它,如果我能加密它,那就足够了。
用于表单身份验证的加密基于<system.web>下的<machineKey>元素。您可以有效地重新配置<machineKey>元素来控制加密。
请参阅此处了解更多信息。