在Asp Net Core应用程序中使用现有的Asp Net Framework机器密钥

时间:2018-05-29 06:51:49

标签: asp.net asp.net-core asp.net-core-2.0

我很少使用Net.Framework构建的ASP .NET应用程序在Web.config中共享相同的machineKey,因此当用户在一个应用程序中进行身份验证时,其他应用程序也会考虑对其进行身份验证。

现在我必须为这个使用asp net Core 2.0的俱乐部打造一个新的应用程序。是否有一个快速的解决方案,如何转换现有的"遗产" 

<system.web>
...
<machineKey decryption="AES" decryptionKey="blablabla" validation="SHA1" validationKey="blablabla" />
</system.web>

将在Core应用程序中使用?

编辑:实际的Net.Framework api正在使用基于令牌的身份验证:

using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
private void ConfigureOAuth(IAppBuilder app)
{
    OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
    //Token consumption from header "Authentication Bearer"
    app.UseOAuthBearerAuthentication(OAuthBearerOptions);
}

然后在[Authorize]上,框架使用机器密钥解码令牌。我猜的正确问题是如何使用手动提供的机器密钥在Core 2.0+中实现相同的功能来解密标头中发送的身份验证令牌。

1 个答案:

答案 0 :(得分:0)

为此,您可以使用很棒的库AspNetTicketBridge

令牌处理程序定义:

public class OwinBearerTokenMachineKeyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public const string DefaultAuthScheme = "DefaultAuth";

    // List of supported decryption algorithms: DES | 3DES | AES
    private const string DefaultDecryptionAlgorithm = "<YOUR DECRYPTION ALGORIGHM>";

    // List of supported validation algorithms: SHA1 | MD5 | 3DES | AES | HMACSHA256 | HMACSHA384 | HMACSHA512
    private const string DefaultValidationAlgorithm = "<YOUR VALIDATION ALGORITHM>";

    private const string DefaultAuthorizationHeader = "Authorization";

    public OwinBearerTokenMachineKeyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
    {
    }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        var token = Request.Headers[DefaultAuthorizationHeader][0].Remove(0, 7); // Bad code, don't use it... please

        // Get keys from machine keys section / another configuration file.
        var validationKey = "<YOUR VALIDATION KEY FROM MACHINE KEY CONFIG>";
        var decryptionKey = "<YOUR DECRYPTION KEY FROM MACHINE KEY CONFIG>";


        var ticket = MachineKeyTicketUnprotector.UnprotectOAuthToken(token, decryptionKey, validationKey, DefaultDecryptionAlgorithm, DefaultValidationAlgorithm);
        var newTicket = AuthenticationTicketConverter.Convert(ticket, DefaultAuthScheme);
        return Task.FromResult(AuthenticateResult.Success(newTicket));
    }
}

应用配置:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ...

    app.UseAuthentication();
    app.UseAuthorization(); // Gives ability to use [Authorize] attribute

    // ...
}

public void ConfigureServices(IServiceCollection services)
{
    // ...

    RegisterAuthorization(services);

    // ...
}

private void RegisterAuthorization(IServiceCollection services)
{
    services.AddAuthentication(o => { o.DefaultScheme = OwinBearerTokenMachineKeyAuthenticationHandler.DefaultAuthScheme; })
            .AddScheme<AuthenticationSchemeOptions, OwinBearerTokenMachineKeyAuthenticationHandler>(OwinBearerTokenMachineKeyAuthenticationHandler.DefaultAuthScheme, o => { });
    services.AddAuthorization(); // Gives ability to use [Authorize] attribute
}

P.S。我花了两天时间来找到完成此任务的好的解决方案,但这似乎是最好的。

相关问题
最新问题