【发布时间】:2013-08-29 17:59:27
【问题描述】:
我正在实现一个 CustomMembership Provider,第一部分工作,登录,注册等(我现在从 http://msdn.microsoft.com/en-us/library/vstudio/w8h3skw9(v=vs.100).aspx 中选择了 validationKey 和 decriptionKey)。
我的 Web.Config:
<system.web>
<machineKey validationKey="32E35872597989D14CC1D5D9F5B1E94238D0EE32CF10AA2D2059533DF6035F4F" decryptionKey="B179091DBB2389B996A526DE8BCD7ACFDBCAB04EF1D085481C61496F693DF5F4"/>
<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear />
<add name="CustomMembershipProvider" type="CustomMembership.CustomMembership.CustomMembershipProvider" connectionStringName="TestMembershipEntities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" passwordFormat="Encrypted" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="CustomRoleProvider">
<providers>
...
现在我需要使用 MD5。
方法EncryptPassword如果我在MachineKey中设置validation属性选择正确的算法?
switch (PasswordFormat)
{
case MembershipPasswordFormat.Clear:
break;
case MembershipPasswordFormat.Encrypted:
byte[] encryptedPass = EncryptPassword(Encoding.Unicode.GetBytes(password));
encodedPassword = Convert.ToBase64String(encryptedPass);
break;
case MembershipPasswordFormat.Hashed:
HMACSHA1 hash = new HMACSHA1();
hash.Key = HexToByte(machineKey.ValidationKey);
encodedPassword = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
break;
default:
throw new ProviderException("Unsupported password format.");
}
更改机器密钥
<machineKey validationKey="32E35872597989D14CC1D5D9F5B1E94238D0EE32CF10AA2D2059533DF6035F4F" decryptionKey="B179091DBB2389B996A526DE8BCD7ACFDBCAB04EF1D085481C61496F693DF5F4"
validation="MD5" decryption="Auto" />
如果这样做,我会在@Html.AntiForgeryToken() 中收到以下错误:
**ConfigurationErrorsException was unhandled...**
When using <machineKey compatibilityMode="Framework45" /> or the MachineKey.Protect and MachineKey.Unprotect APIs,
the 'validation' attribute must be one of these values: SHA1, HMACSHA256, HMACSHA384, HMACSHA512, or alg:[KeyedHashAlgorithm].
我需要在case MembershipPasswordFormat.Encrypted: 中编写自定义代码来加密/解密 MD5 或我需要做的事情,谢谢。
【问题讨论】:
标签: asp.net-mvc-4 encryption asp.net-membership md5