var competitive=new {technique,business}

2007/5/28

Configuring MachineKey in ASP.NET 2.0

Original article

Overview

Default MachineKey configuration:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="Auto" />

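validation and validationKey are used to generate the hash that prevents tampering; decryption and decryptionKey are used for encryption and decryption. By default, view state is only tamper-proofed, while forms authentication is both tamper-proofed and encrypted. validationKey and decryptionKey only need to be changed in a web farm or when forms authentication is shared across applications. If role management is used with the role cache, a role cookie is generated, and by default it is encrypted with the same mechanism as forms authentication.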

ViewState

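With <pages enableViewStateMac="true" (tamper-proofing) viewStateEncryptionMode="Auto" (encryption) />, the server prevents tampering by comparing the hash generated from validationKey. The same value is also used by forms authentication, role manager and anonymous identification.

When validation is AES or 3DES and viewStateEncryptionMode on the page is set to Auto or Always, view state is encrypted and decrypted using the value of decryptionKey.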

Form Authentication Tickets:

Set decryption and configure the protection attribute in the forms configuration section:

<system.web>
  <authentication mode="Forms">
    <forms name=".AuthCookie" loginUrl="login.aspx" protection="All"/>
  </authentication>
</system.web>

Membership:

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
  <providers>
    <clear />
    <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresUniqueEmail="false" passwordFormat="Encrypted" .../>
  </providers>
</membership>

Anonymous Identification:

<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="Encrypted" cookieless="UseCookies" domain="" />

Role Cookies:

<roleManager enabled="true"
cacheRolesInCookie="true"
cookieProtection="All" ... />

Code to generate the keys:

using System;
using System.Text;
using System.Security;
using System.Security.Cryptography;

class App {
    static void Main(string[] argv) {
        // Key length in hex characters (default 128); each byte yields two characters.
        int len = 128;
        if (argv.Length > 0)
            len = int.Parse(argv[0]);
        byte[] buff = new byte[len / 2];
        // Fill the buffer from the cryptographic random number generator.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        rng.GetBytes(buff);
        // Hex-encode the bytes for use as validationKey or decryptionKey.
        StringBuilder sb = new StringBuilder(len);
        for (int i = 0; i < buff.Length; i++)
            sb.Append(string.Format("{0:X2}", buff[i]));
        Console.WriteLine(sb);
    }
}
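The settings described above can be checked mechanically before a web.config is deployed to a farm. The following Python script is an added example, not part of the original article; the function name audit_web_config, the web_farm flag, the finding texts and the sample configuration are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

HEX_KEY = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")  # whole bytes, hex-encoded
AUTO = "AutoGenerate,IsolateApps"  # default shown at the top of the page

def audit_web_config(xml_text, web_farm=True):
    """Return findings for the machineKey-related settings covered above."""
    web = next(ET.fromstring(xml_text).iter("system.web"), None)
    if web is None:
        return ["no <system.web> section found"]
    findings = []
    mk = web.find("machineKey")
    for attr in ("validationKey", "decryptionKey"):
        value = AUTO if mk is None else mk.get(attr, AUTO)
        if value.startswith("AutoGenerate"):
            if web_farm:  # each server would generate its own key
                findings.append(attr + ": auto-generated, not shared across the farm")
        elif not HEX_KEY.match(value):
            findings.append(attr + ": not an even-length hex string")
    pages = web.find("pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() != "true":
        findings.append("pages: enableViewStateMac is off, view state is not tamper-proofed")
    forms = web.find("authentication/forms")
    if forms is not None and forms.get("protection", "All") != "All":
        findings.append("forms: protection is not All")
    roles = web.find("roleManager")
    if (roles is not None and roles.get("cacheRolesInCookie", "false").lower() == "true"
            and roles.get("cookieProtection", "All") != "All"):
        findings.append("roleManager: role cookie cookieProtection is not All")
    return findings

# Constructed sample input (placeholder key, not a real secret).
WEAK_CONFIG = """<configuration><system.web>
  <machineKey validationKey="%s" decryptionKey="AutoGenerate,IsolateApps"
              validation="SHA1" decryption="Auto" />
  <pages enableViewStateMac="false" />
  <authentication mode="Forms">
    <forms name=".AuthCookie" loginUrl="login.aspx" protection="Validation" />
  </authentication>
  <roleManager enabled="true" cacheRolesInCookie="true" cookieProtection="None" />
</system.web></configuration>""" % ("0F" * 63 + "0")  # 127 chars: odd length

if __name__ == "__main__":
    for finding in audit_web_config(WEAK_CONFIG):
        print("FINDING:", finding)
```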
