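How is the role cookie encrypted

Updated: 2023-09-27 18:21:09

FormsAuthentication has encrypt and decrypt methods to push and pull the authentication ticket. Roles has a lot of the same methods, but it doesn't tell you what type of encryption is used or how to decrypt it. Can anyone point me in the right direction? I need to be able to mock a role cookie for testing.

Edit 1:

Here is an example of the problem I'm still having.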

SetLoggedInUserInHttpContext(User, Roles.GetRolesForUser(User.UserID.ToString()));
RQUserMembership member = new RQUserMembership();
QUserMembership mem = member.GetByUserAndPass(User.Username, User.Password);
FormsAuthentication.SetAuthCookie(mem.UserId.ToString(), true);
QGlobals.expireLoginProxyID();
RQLoginAttempt.LogSuccessfulAttempt(User.Username);

This is where the user is set:

    public static bool SetLoggedInUserInHttpContext(QUser User, string[] roles = null) {
        if (HttpContext.Current != null) {
            if (roles == null) {
                roles = Roles.GetRolesForUser(User.UserID.ToString());
            }
            GenericIdentity genericIdentity = new GenericIdentity(User.UserID.ToString());
            RolePrincipal genericUser = new RolePrincipal(genericIdentity); //rolesToSet
            HttpContext.Current.User = genericUser;
            return (User.UserID == QGlobals.GetLoggedInUserID());
        } else {
            return false;
        }
    }

My attempt at getting the byte[]:

        HttpContext blah = HttpContext.Current;
        string blah2 = HttpContext.Current.Request.Cookies[".ASPXROLES"].Value;
        byte[] bytes = new byte[blah2.Length * sizeof(char)];
        System.Buffer.BlockCopy(blah2.ToCharArray(), 0, bytes, 0, bytes.Length);
        byte[] blah3 = MachineKey.Unprotect(bytes);
        var str = System.Text.Encoding.Default.GetString(blah3);

I now get an error on blah3 = MachineKey.Unprotect(bytes);

Error occurred during a cryptographic operation.
   at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input)
   at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData)
   at System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider, Byte[] protectedData, String[] purposes)
   at System.Web.Security.MachineKey.Unprotect(Byte[] protectedData, String[] purposes)
   at Quorra.Repositories.RQUser.GetUserHomePageStats(Int32 UserID, Int32 HourInterval) in e:\Code\quorra\Quorra.Domain\Repositories\RQUser.cs:line 133
   at Quorra.Admin.Controllers.HomeController.Home(Nullable`1 refreshBasketCount) in e:\Code\quorra\Quorra.Admin\Controllers\HomeController.cs:line 31
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.ActionInvocation.InvokeSynchronousActionMethod()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncResultWrapper.End[TResult](IAsyncResult asyncResult, Object tag)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass48.<InvokeActionMethodFilterAsynchronouslyRecursive>b__41()

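Any pointers would be greatly appreciated.

Edit 2:

To clarify, I need to be able to set the role cookie for the user so that Roles.IsUserInRole(); works. Right now, if I pass the userId, it works, because it goes to the role provider and runs the method, but for checking the logged-in user, it only tests the cookie. I don't actually need to decrypt it; if I can encrypt it, that's enough.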

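How is the role cookie encrypted

The encryption used for forms authentication is based on the <machineKey> element under <system.web>. You can effectively reconfigure the <machineKey> element to control the encryption.

See here for more information.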
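
The role cookie is written and read by RolePrincipal itself, so a test can round-trip it through that class's public API instead of calling MachineKey directly. The following is an added example, not part of the original question or answer; RoleCookieTestHelper and its method names are hypothetical, and it assumes the role manager is enabled with cacheRolesInCookie="true".

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example (hypothetical helper, not code from the original post).
// Assumes web.config contains <roleManager enabled="true" cacheRolesInCookie="true" />
// and that the test host uses the same <machineKey> as the code that reads the cookie.
public static class RoleCookieTestHelper
{
    // Builds the role cookie for userName through RolePrincipal, which serializes
    // the role list and protects it according to the <machineKey> settings.
    public static HttpCookie CreateRoleCookie(string userName)
    {
        var identity = new GenericIdentity(userName);   // non-empty name => IsAuthenticated
        var principal = new RolePrincipal(identity);
        principal.GetRoles();                           // load roles from the provider into the cache

        string ticket = principal.ToEncryptedTicket();  // null/empty when no ticket can be issued
        if (string.IsNullOrEmpty(ticket))
            throw new InvalidOperationException("Role ticket could not be created.");

        return new HttpCookie(Roles.CookieName, ticket)
        {
            HttpOnly = true,
            Path = Roles.CookiePath,
            Secure = Roles.CookieRequireSSL
        };
    }

    // Rebuilds the principal from a cookie value; the framework validates and
    // decrypts the ticket internally.
    public static RolePrincipal ReadRoleCookie(string userName, string cookieValue)
    {
        var principal = new RolePrincipal(new GenericIdentity(userName), cookieValue);

        // IsRoleListCached stays false when the ticket failed validation, has expired,
        // or was issued for a different user name; roles would then come from the provider.
        if (!principal.IsRoleListCached)
            throw new InvalidOperationException("Role cookie was rejected.");

        return principal;
    }
}
```

In a test, add the cookie returned by CreateRoleCookie to the request's cookie collection before the role manager runs, using the same user name as the authenticated identity.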