C#创建一个身份验证令牌来自的Guid结合40Char十六进制字符串(UUID)令牌、字符串、创建一个、身份验证
我正在写一个asp.net MVC应用程序驱动的IPhone应用程序。
我想在iPhone上的UUID看起来像这样给我:
2b6f0cc904d137be2e1730235f5664094b831186
在服务器我想生成一个GUID:
466853EB-157D-4795-B4D4-32658D85A0E0
在iPhone和服务器,我需要一个简单的aglorithm到这两个值结合成可以被传递的身份验证令牌。两者IPhone和ASP.NET MVC应用程序需要能够基于所述的UUID和GUID一遍一遍来计算的值。
所以这需要一个简单的算法,没有从.NET框架库。
完整的解决方案在这里
公共无效测试()
{
VAR的DeviceID = Guid.NewGuid();
VAR NEWID =2b6f0cc904d137be2e1730235f5664094b831186;
变种guidBytes = DeviceId.ToByteArray();
VAR iphoneBytes = StringToByteArray(NEWID);
byte []的XOR =新的字节[guidBytes.Length]
的for(int i = 0; I< guidBytes.Length;我++)
{
异或[I] =(字节)(guidBytes [I] ^ iphoneBytes [I]);
}
VAR的结果= ByteArrayToString(XOR);
}
公共静态的byte [] StringToByteArray(十六进制字符串)
{
INT NumberChars = hex.Length;
字节[]字节=新字节[NumberChars / 2];
的for(int i = 0; I< NumberChars;我+ = 2)
字节[I / 2] = Convert.ToByte(hex.Substring(1,2),16);
返回字节;
}
公共静态字符串ByteArrayToString(byte []的BA)
{
StringBuilder的十六进制=新的StringBuilder(ba.Length * 2);
的foreach(巴字节二)
hex.AppendFormat({0:X2},B);
返回hex.ToString();
}
解决方案
那么,iPhone的ID看起来像一个十六进制字符串,这样既转换为二进制和异或字节应该做到这一点。您可以将结果保存为一个数组,十六进制字符串或基本-64连接codeD字符串作为适合。
您将此称为一个身份验证令牌的方式是有些担忧,但是。会话ID必须是未predictable。你可能会考虑在服务器而不是一个GUID上生成的加密随机数据的数组。
修改
// GUID转换为字节数组服务器。
byte []的guidBytes = severGuid.ToByteArray();
//将iPhone的设备ID为数组
byte []的idBytes = StringToByteArray(iPhoneId);
可悲的是,似乎.NET不具有内置的方法转换到/自十六进制字符串,但这个主题已经被覆盖前:Convert字节数组到十六进制字符串,反之亦然
//一旦你已经XOR运算的字节数,CONVER结果为一个字符串。
字符串outputString = ByteArrayToString(outputBytes);
I am writing an asp.net MVC app that drives an IPhone application.
I want the Iphone to send me its UUID looks like this:
2b6f0cc904d137be2e1730235f5664094b831186
On the server I want to generate a Guid:
466853EB-157D-4795-B4D4-32658D85A0E0
On both the Iphone and the Server I need a simple aglorithm to combine these 2 values into an Auth token that can be passed around. Both the IPhone and the ASP.NET MVC app need to be able to compute the value over and over based on the UUID and the GUID.
So this needs to be a simple algorithm with no libraries from the .net framework.
Full Solution Here
public void Test()
{
var DeviceId = Guid.NewGuid();
var newId = "2b6f0cc904d137be2e1730235f5664094b831186";
var guidBytes = DeviceId.ToByteArray();
var iphoneBytes = StringToByteArray(newId);
byte[] xor = new byte[guidBytes.Length];
for (int i=0;i<guidBytes.Length;i++)
{
xor[i] = (byte) (guidBytes[i] ^ iphoneBytes[i]);
}
var result = ByteArrayToString(xor);
}
public static byte[] StringToByteArray(String hex)
{
int NumberChars = hex.Length;
byte[] bytes = new byte[NumberChars / 2];
for (int i = 0; i < NumberChars; i += 2)
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
return bytes;
}
public static string ByteArrayToString(byte[] ba)
{
StringBuilder hex = new StringBuilder(ba.Length * 2);
foreach (byte b in ba)
hex.AppendFormat("{0:x2}", b);
return hex.ToString();
}
解决方案
Well, the iPhone ID looks like a hex string, so converting both to binary and XORing the bytes ought to do it. You could store the result as an array, hex string, or base-64 encoded string as appropriate.
The way you refer to this as an "auth token" is a little concerning, however. Session ids must be unpredictable. You might consider generating an array of cryptographically random data on the server instead of a GUID.
Edit
// Convert the server GUID to a byte array.
byte[] guidBytes = severGuid.ToByteArray();
// Convert the iPhone device ID to an array
byte[] idBytes = StringToByteArray(iPhoneId);
Sadly, it seems .NET doesn't have a built-in method to convert to/from hex strings, but this subject has been covered before: Convert byte array to hex string and vice versa
// Once you've XORed the bytes, conver the result to a string.
string outputString = ByteArrayToString(outputBytes);
