我有一些数据,我想在ASP.NET MVC应用程序,以prevent用户篡改数据加密。我可以使用加密类来完成实际的加密/解密,没问题的。主要的问题是搞清楚在哪里存储加密密钥和管理更改。
I have some data I want to encrypt in an ASP.NET MVC application to prevent users from tampering with it. I can use the Cryptography classes to do the actual encryption/decryption, no problem there. The main problem is figuring out where to store the encryption key and managing changes to it.
由于ASP.NET已经保持对各种事物的machineKey(ViewData的加密等),我在想,如果有这让我加密/使用的machineKey解密自己数据的任何ASP.NET的功能呢?这样,我就不会去制定自己的密钥管理系统。
Since ASP.NET already maintains a machineKey for various things (ViewData encryption, etc), I was wondering if there were any ASP.NET functions which let me encrypt/decrypt my own data using the machineKey? This way I would not have to devise my own key management system.
新的在ASP.NET 4.0的machineKey 类不正是你想要的。
The new MachineKey class in ASP.NET 4.0 does exactly what you want.
例如:
public static class StringEncryptor {
public static string Encrypt(string plaintextValue) {
var plaintextBytes = Encoding.UTF8.GetBytes(plaintextValue);
return MachineKey.Encode(plaintextBytes, MachineKeyProtection.All);
}
public static string Decrypt(string encryptedValue) {
try {
var decryptedBytes = MachineKey.Decode(encryptedValue, MachineKeyProtection.All);
return Encoding.UTF8.GetString(decryptedBytes);
}
catch {
return null;
}
}
}
更新:正如here,小心你如何使用,或者你可以让别人伪造一个窗体身份验证令牌。
UPDATE: As mentioned here, be careful how you use this or you could allow someone to forge a forms authentication token.
上一篇:使用PyMongo作为Django后端后端、PyMongo、Django
下一篇:在Visual Studio(VS2008)远程调试,Windows窗体应用程序窗体、应用程序、Studio、Visual