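FormsAuthentication has Encrypt and Decrypt methods to push and pull the authentication ticket. Roles has many of the same methods, but it doesn't tell you what type of encryption is used or how to decrypt it. Can anyone point me in the right direction? I need to be able to mock the roles cookie for testing.
Edit 1:
Here is an example of the problem I am still having.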
SetLoggedInUserInHttpContext(User, Roles.GetRolesForUser(User.UserID.ToString()));
RQUserMembership member = new RQUserMembership();
QUserMembership mem = member.GetByUserAndPass(User.Username, User.Password);
FormsAuthentication.SetAuthCookie(mem.UserId.ToString(), true);
QGlobals.expireLoginProxyID();
RQLoginAttempt.LogSuccessfulAttempt(User.Username);
Here is how the user is set:
public static bool SetLoggedInUserInHttpContext(QUser User, string[] roles = null) {
    if (HttpContext.Current != null) {
        if (roles == null) {
            roles = Roles.GetRolesForUser(User.UserID.ToString());
        }
        GenericIdentity genericIdentity = new GenericIdentity(User.UserID.ToString());
        RolePrincipal genericUser = new RolePrincipal(genericIdentity); //rolesToSet
        HttpContext.Current.User = genericUser;
        return (User.UserID == QGlobals.GetLoggedInUserID());
    } else {
        return false;
    }
}
My attempt to get the byte[]:
HttpContext blah = HttpContext.Current;
string blah2 = HttpContext.Current.Request.Cookies[".ASPXROLES"].Value;
byte[] bytes = new byte[blah2.Length * sizeof(char)];
System.Buffer.BlockCopy(blah2.ToCharArray(), 0, bytes, 0, bytes.Length);
byte[] blah3 = MachineKey.Unprotect(bytes);
var str = System.Text.Encoding.Default.GetString(blah3);
I now get this at blah3 = MachineKey.Unprotect(bytes);
Error occurred during a cryptographic operation.
at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input)
at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData)
at System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider, Byte[] protectedData, String[] purposes)
at System.Web.Security.MachineKey.Unprotect(Byte[] protectedData, String[] purposes)
at Quorra.Repositories.RQUser.GetUserHomePageStats(Int32 UserID, Int32 HourInterval) in e:\Code\quorra\Quorra.Domain\Repositories\RQUser.cs:line 133
at Quorra.Admin.Controllers.HomeController.Home(Nullable`1 refreshBasketCount) in e:\Code\quorra\Quorra.Admin\Controllers\HomeController.cs:line 31
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.ActionInvocation.InvokeSynchronousActionMethod()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
at System.Web.Mvc.Async.AsyncResultWrapper.End[TResult](IAsyncResult asyncResult, Object tag)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass48.<InvokeActionMethodFilterAsynchronouslyRecursive>b__41()
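Any direction would be appreciated.
Edit 2:
To clarify, I need to be able to set the roles cookie for a user so that Roles.IsUserInRole(); works. Right now, if I pass the userId it works, because it goes into the role provider and runs the method, but to check the logged-in user it just tests the cookie. I don't actually need to be able to decrypt it; if I can encrypt it, that would be enough.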
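Answer 0 (score: 2)
The encryption used for forms authentication is based on the <machineKey> element under <system.web>. You can effectively reconfigure the <machineKey> element to control the encryption.
For details, see here.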
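
An added example, not part of the original question or answer: a test helper that issues the roles cookie through the public RolePrincipal.ToEncryptedTicket() API, which protects the cached role list according to the roleManager cookieProtection setting and the <machineKey> element the answer refers to. The class and method names are hypothetical, and it assumes <roleManager> is enabled with cacheRolesInCookie="true".

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical test helper (names are not from the original post).
public static class RoleCookieTestHelper
{
    public static RolePrincipal IssueRoleCookie(HttpContextBase context, string userName)
    {
        if (!Roles.Enabled || !Roles.CacheRolesInCookie)
            throw new InvalidOperationException(
                "Enable <roleManager> with cacheRolesInCookie=\"true\" first.");

        // GenericIdentity reports IsAuthenticated == true for a non-empty name.
        var identity = new GenericIdentity(userName);
        var principal = new RolePrincipal(identity);
        principal.GetRoles(); // loads the role list from the configured provider

        // Serialises the cached roles and protects them as configured by
        // cookieProtection, using the keys from <machineKey>.
        string ticket = principal.ToEncryptedTicket();
        if (string.IsNullOrEmpty(ticket))
            throw new InvalidOperationException("No role ticket was produced.");

        var cookie = new HttpCookie(Roles.CookieName, ticket)
        {
            HttpOnly = true,
            Path = Roles.CookiePath,
            Secure = Roles.CookieRequireSSL
        };
        context.Response.Cookies.Set(cookie);
        context.User = principal;
        return principal;
    }

    // Rebuilds a principal from a ticket, as happens on a later request.
    // IsRoleListCached stays false when the ticket cannot be used, for
    // example when it fails validation under the current <machineKey>.
    public static bool TicketIsAccepted(string userName, string ticket)
    {
        var principal = new RolePrincipal(new GenericIdentity(userName), ticket);
        return principal.IsRoleListCached;
    }
}
```

The test host and the application must share the same <machineKey> values, otherwise a ticket issued by one is rejected by the other.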