Decrypting a WebResource.axd URL generated on an HTTPS instance

Time: 2014-12-08 12:27:55

Tags: c# asp.net .net https webresource.axd

I have the code shown below:

string urlEncodedData = URL.Text;

byte[] encryptedData = HttpServerUtility.UrlTokenDecode(urlEncodedData);

Type machineKeySection = typeof(System.Web.Configuration.MachineKeySection);
Type[] paramTypes = new Type[] { typeof(bool), typeof(byte[]), typeof(byte[]), typeof(int), typeof(int) };
MethodInfo encryptOrDecryptData = machineKeySection.GetMethod("EncryptOrDecryptData", BindingFlags.Static | BindingFlags.NonPublic, null, paramTypes, null);

try
{
     byte[] decryptedData = (byte[])encryptOrDecryptData.Invoke(null, new object[] { false, encryptedData, null, 0, encryptedData.Length });
     string decrypted = Encoding.UTF8.GetString(decryptedData);

     decryptedLabel.BackColor = Color.Lime;
     decryptedLabel.Text = decrypted;
}
catch (TargetInvocationException)
{
     decryptedLabel.BackColor = Color.Red;
     decryptedLabel.Text = "Error decrypting data. Are you running your page on the same server and inside the same application as the web resource URL that was generated?";
}

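It decrypts the URL and shows me the details of the web resource. Locally it works fine.

But in production, it always gives me the following message from the catch block:

Error decrypting data. Are you running your page on the same server as the web resource URL that was generated?

The only difference I have is that production is on HTTPS. Does the above code work for HTTPS as well, or do I have to change it?

1 answer:

Answer 0: (score: 2)

I also used this code snippet to decrypt webresource.axd parameters, but recently it stopped working.

Maybe it is the change of the framework to 4.5, because I found this comment in the .NET source code - Page class, method DecryptString http://referencesource.microsoft.com/#System.Web/UI/Page.cs,18cf7b1fe99faea6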

if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider) {
    // ASP.NET 4.5 Crypto DCR: Go through the new AspNetCryptoServiceProvider
    // if we're configured to do so.
    ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(purpose, CryptoServiceOptions.CacheableOutput);
    clearData = cryptoService.Unprotect(protectedData);
}
else {
    // If we're not configured to go through the new crypto routines,
    // fall back to the standard MachineKey crypto routines.
#pragma warning disable 618 // calling obsolete methods
    clearData = MachineKeySection.EncryptOrDecryptData(fEncrypt: false, buf: protectedData, modifier: null, start: 0, length: protectedData.Length, useValidationSymAlgo: false, useLegacyMode: false, ivType: IVType.Hash);
#pragma warning restore 618 // calling obsolete methods
}

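Are you sure the only difference is HTTP vs. HTTPS, and not perhaps the framework version?

However, I use the method DecryptString instead of EncryptOrDecryptData, and the code below works for me. You can check whether it works for you too :)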

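// Requires: using System; using System.Reflection; using System.Web.UI;
private static string Decrypt(string webResourceParameter)
{
    // Purpose is an internal type of System.Web, so it has to be resolved by name.
    var purposeType = Type.GetType("System.Web.Security.Cryptography.Purpose, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a");

    if (purposeType == null)
        return null;

    try
    {
        // The purpose string ASP.NET uses when protecting WebResource.axd URLs.
        var purpose = Activator.CreateInstance(purposeType, "AssemblyResourceLoader.WebResourceUrl");

        // Page.DecryptString is internal static, hence the NonPublic lookup.
        const BindingFlags decryptFlags = BindingFlags.NonPublic | BindingFlags.Static;
        var decryptString = typeof (Page).GetMethod("DecryptString", decryptFlags);

        var decrypt = decryptString.Invoke(null, new[] {webResourceParameter, purpose}) as string;
        return decrypt;
    }
    catch (Exception)
    {
        // Reflection failure or a value that cannot be decrypted with this application's keys.
        return null;
    }
}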
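
The following added example (not code from the question or the answer) tries both decryption paths discussed above for a `d` value and reports the machineKey settings that matter when the same code works on one server and fails on another. The class and method names are hypothetical; it assumes .NET 4.5 or later and relies on the same internal System.Web members the posts use, which can differ between framework versions.

```csharp
using System;
using System.Reflection;
using System.Text;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;

// Added example: hypothetical helper, not part of either post.
public static class WebResourceDiagnostics
{
    const BindingFlags Hidden = BindingFlags.NonPublic | BindingFlags.Static;
    // Returns one line describing the machineKey setup and which path decrypted "d".
    public static string Describe(string d)
    {
        var mk = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");
        // Report only whether keys are auto-generated (per server/application), never the keys.
        bool autoKeys = mk.DecryptionKey.StartsWith("AutoGenerate", StringComparison.OrdinalIgnoreCase)
                     || mk.ValidationKey.StartsWith("AutoGenerate", StringComparison.OrdinalIgnoreCase);
        string viaPurpose = TryPurposePath(d);
        string viaLegacy = viaPurpose == null ? TryLegacyPath(d) : null;
        string path = viaPurpose != null ? "DecryptString" : viaLegacy != null ? "EncryptOrDecryptData" : "none";
        return string.Format("compatibilityMode={0}; autoGeneratedKeys={1}; workingPath={2}; value={3}",
            mk.CompatibilityMode, autoKeys, path, viaPurpose ?? viaLegacy ?? "(not decryptable here)");
    }
    // Path used by the answer: Page.DecryptString with the WebResourceUrl purpose.
    static string TryPurposePath(string d)
    {
        try
        {
            Type purposeType = typeof(Page).Assembly.GetType("System.Web.Security.Cryptography.Purpose");
            object purpose = Activator.CreateInstance(purposeType, "AssemblyResourceLoader.WebResourceUrl");
            MethodInfo m = typeof(Page).GetMethod("DecryptString", Hidden);
            return (string)m.Invoke(null, new[] { d, purpose });
        }
        catch (Exception) { return null; } // missing member or failed decryption
    }
    // Path used by the question: MachineKeySection.EncryptOrDecryptData.
    static string TryLegacyPath(string d)
    {
        try
        {
            byte[] data = HttpServerUtility.UrlTokenDecode(d);
            var types = new[] { typeof(bool), typeof(byte[]), typeof(byte[]), typeof(int), typeof(int) };
            MethodInfo m = typeof(MachineKeySection).GetMethod("EncryptOrDecryptData", Hidden, null, types, null);
            return Encoding.UTF8.GetString((byte[])m.Invoke(null, new object[] { false, data, null, 0, data.Length }));
        }
        catch (Exception) { return null; }
    }
}
```

Run it inside the application that generated the URL, on both the local and the production server, and compare the two lines: a different compatibilityMode points to the framework change the answer suspects, while autoGeneratedKeys=True means each server or application has its own keys.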