Unable to decrypt claims cookie from .NET 4.5 to .NET 3.5

I have been trying to get the following scenario to work for around a week now with no luck. I have 2 applications: a .NET 4.5 application that is claims enabled, which is working perfectly well (works with other .NET 4 and up applications); and a legacy Intranet system built using WebForms .NET 3.5. The legacy application CANNOT be upgraded to a later version of .NET (would be so much easier).

What I want to happen is that when I log in on the .NET 4.5 application, I need to be authenticated when I visit the .NET 3.5 application. I have ensured that the cookie names between the applications are the same, and that the machineKey values in the web.config are the same (I am using MachineKeySessionSecurityTokenHandler to ensure that the encrypted cookie values are the same even in a Web Farm scenario); however, what happens is that when I move to the .NET 3.5 application I get the following error from the SymmetricEncryptionFormatter class:

ID0006: The input string parameter is either null or empty. Parameter name: value

I have tried changing the MachineKey keys (decryptionkey/validationkey/validation/decryption) to a variety of different combinations (ensuring that they are consistent between the 2 sites). I can see that the same cookie, with the same cookie value, is visible when I go to the 2 sites. I think that the issue may be related to the cryptographic changes between .NET 3.5 & .NET 4.5 (see here [http://blogs.msdn.com/b/webdev/archive/2012/10/23/cryptographic-improvements-in-asp-net-4-5-pt-2.aspx]).

Does anyone have any ideas as to what may be causing this?

Key entries from .NET 4.5 application Web.config:

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

<authentication mode="None" />

<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" name="TestName" />
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:51318/" realm="http://localhost:57083/" persistentCookiesOnPassiveRedirects="true" requireHttps="false" />
  </federationConfiguration>
</system.identityModel.services>

Key entries from .NET 3.5 application Web.config:

<authentication mode="None"/>

<machineKey decryptionKey="CC510DF4..." validationKey="BEAC835EEC..." />

<microsoft.identityModel>
  <service>
    <securityTokenHandlers>
      <!-- Replace the SessionSecurityTokenHandler with our own. -->
      <remove type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      <add type="MachineKeySessionSecurityTokenHandler, App_Code"/>
    </securityTokenHandlers>
  </service>
</microsoft.identityModel>

<microsoft.identityModel.services>
  <federationConfiguration>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:51318/" realm="http://localhost:57083/" requireHttps="false"/>
    <cookieHandler requireSsl="false" name="TestName"/>
  </federationConfiguration>
</microsoft.identityModel.services>

The internal format of the cookie has changed between WIF and .NET 4.5. You can't share them between the versions.

Rather, point both apps to the same STS and let each app use their own session cookie.
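The layout the answer recommends, as an added configuration sketch that is not part of the original question or answer: both applications trust the same issuer, and each writes its own session cookie in its own framework's format. The cookie names and the 3.5 application's realm are hypothetical placeholders, and the 3.5 fragment is written with WIF 1.0's `federatedAuthentication` element under `microsoft.identityModel/service`; distinct cookie names matter because browsers do not separate cookies by port, so two localhost applications using one name would read each other's cookie.

```xml
<!-- .NET 4.5 application (System.IdentityModel.Services) -->
<system.identityModel.services>
  <federationConfiguration>
    <!-- Hypothetical name; it only has to differ from the 3.5 application's.
         requireSsl/requireHttps="false" mirror the question's localhost setup;
         set both to "true" once the sites are served over HTTPS. -->
    <cookieHandler requireSsl="false" name="App45Session" />
    <wsFederation passiveRedirectEnabled="true"
                  issuer="http://localhost:51318/"
                  realm="http://localhost:57083/"
                  persistentCookiesOnPassiveRedirects="true"
                  requireHttps="false" />
  </federationConfiguration>
</system.identityModel.services>

<!-- .NET 3.5 application (WIF 1.0, Microsoft.IdentityModel) -->
<microsoft.identityModel>
  <service>
    <federatedAuthentication>
      <!-- Same issuer (STS) as above. The realm is a placeholder for this
           application's own address as registered with the STS. -->
      <wsFederation passiveRedirectEnabled="true"
                    issuer="http://localhost:51318/"
                    realm="http://LEGACY-APP-ADDRESS/"
                    requireHttps="false" />
      <!-- Hypothetical name, distinct from the 4.5 application's cookie. -->
      <cookieHandler requireSsl="false" name="App35Session" />
    </federatedAuthentication>
  </service>
</microsoft.identityModel>
```

With this layout the user signs in once at the STS and each application builds its session from the token it receives, so the machineKey values no longer have to match between the two applications. Each application only needs consistent keys across its own farm nodes.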
