我试图在IIS中使用应用程序请求路由(ARR)将一组路径传递给Node.js网站.我的问题是能够在任何一方获得/设置身份验证票.
我真的需要一个加密/解密对的简单示例,它将适用于C#和Node.js,它们开箱即用,两者结果相同.在接下来的几天里,我将在时间允许的情况下自己解决这个问题,如果没有人在我面前提出答案,我打算回答.
我的目的是将节点侧写为Node.js端的connect / express模块.我已经在ASP.Net解决方案中进行了自定义身份验证,并且可以轻松地用两个平台上安全的东西替换我当前的方法(只要它们共享相同的密钥).
在AccountController.cs中创建身份验证cookie的当前代码
private void ProcessUserLogin(MyEntityModel db,SiteUser user,bool remember=false)
{
var roles = String.Join("|",value:user.SiteRoles.Select(sr => sr.Name.ToLowerInvariant().Trim()).Distinct().ToArray());
//update the laston record(s)
user.UserAgent = Request.UserAgent;
user.LastOn = DateTimeOffset.UtcNow;
db.SaveChanges();
// Create and tuck away the cookie
var authTicket = new FormsAuthenticationTicket(
1,user.Username,DateTime.Now,DateTime.Now.AddDays(31) //max 31 days,remember,string.IsNullOrWhiteSpace(roles) ? "guest" : roles
);
var ticket = FormsAuthentication.Encrypt(authTicket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,ticket);
if (remember) cookie.Expires = DateTime.Now.AddDays(8);
Response.Cookies.Add(cookie);
}
用于读取Global.asax.cs中的身份验证cookie的当前代码
void Application_AuthenticateRequest(object sender,EventArgs args)
{
HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie == null) return;
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
string[] roles = authTicket.UserData.Split(new Char[] { '|' });
//create new generic identity,and corresponding principal...
var g = new GenericIdentity(authTicket.Name);
var up = new GenericPrincipal(g,roles);
//set principal for current request & thread (app will handle transitions from here)
Thread.CurrentPrincipal = Context.User = up;
}
Web.config的相关部分
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<membership>
<providers>
<!-- Remove default provider(s),so custom override works -->
<clear />
</providers>
</membership>
</system.web>
</configuration>
解决方法
这是一个使用DES算法的工作示例.
reference
using System;
using System.Text;
using System.Security.Cryptography;
public class Test
{
public static string Encrypt(string toEncrypt,string key,bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
var tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
// tdes.Mode = CipherMode.CBC; // which is default
// tdes.Padding = PaddingMode.PKCS7; // which is default
Console.WriteLine("iv: {0}",Convert.ToBase64String(tdes.IV));
ICryptoTransform cTransform = tdes.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray,toEncryptArray.Length);
return Convert.ToBase64String(resultArray,resultArray.Length);
}
public static void Main()
{
Console.WriteLine("encrypted as: {0}",Encrypt("12345","abcdefghijklmnop",false));
}
}
哪个输出
iv: pdMBMjdeFdo= encrypted as: 3uDkdT6aQ3c=
并在node.js中使用正确的算法des-ede-cbc:
var crypto = require('crypto');
var alg = 'des-ede-cbc';
var key = new Buffer('abcdefghijklmnop','utf-8');
var iv = new Buffer('pdMBMjdeFdo=','base64');
var encrypted = new Buffer('3uDkdT6aQ3c=','base64');
var source = '12345';
var cipher = crypto.createCipheriv(alg,key,iv);
var encoded = cipher.update(source,'ascii','base64');
encoded += cipher.final('base64');
console.log(encoded,encrypted.toString('base64'));
var decipher = crypto.createDecipheriv(alg,iv);
var decoded = decipher.update(encrypted,'binary','ascii');
decoded += decipher.final('ascii');
console.log(decoded,source);
哪个输出
3uDkdT6aQ3c= 3uDkdT6aQ3c= 12345 12345
