Decrypt WebResource.axd URL generated on HTTPS instance

I have the code mentioned below:

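// Requires: using System; using System.Drawing; using System.Reflection; using System.Text; using System.Web;

// Encrypted value taken from the WebResource.axd URL.
string urlEncodedData = URL.Text;

byte[] encryptedData = HttpServerUtility.UrlTokenDecode(urlEncodedData);

// EncryptOrDecryptData is non-public, so it is looked up through reflection.
Type machineKeySection = typeof(System.Web.Configuration.MachineKeySection);
Type[] paramTypes = new Type[] { typeof(bool), typeof(byte[]), typeof(byte[]), typeof(int), typeof(int) };
MethodInfo encryptOrDecryptData = machineKeySection.GetMethod("EncryptOrDecryptData", BindingFlags.Static | BindingFlags.NonPublic, null, paramTypes, null);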

try
{
     byte[] decryptedData = (byte[])encryptOrDecryptData.Invoke(null, new object[] { false, encryptedData, null, 0, encryptedData.Length });
     string decrypted = Encoding.UTF8.GetString(decryptedData);

     decryptedLabel.BackColor = Color.Lime;
     decryptedLabel.Text = decrypted;
}
catch (TargetInvocationException)
{
     decryptedLabel.BackColor = Color.Red;
     decryptedLabel.Text = "Error decrypting data. Are you running your page on the same server and inside the same application as the web resource URL that was generated?";
}

It decrypts and tells me details about the web resource. Locally it works fine.

But on production it always gives me the message below from the catch block:

Error decrypting data. Are you running your page on the same server and inside the same application as the web resource URL that was generated?

The only difference I have is production being on HTTPS. Is the above code valid for HTTPS also, or do I have to make change(s) to it?

I was also using this code snippet to decrypt the webresource.axd parameter, but lately it stopped working.

Maybe it's the change of framework to 4.5, because I found this comment in the .NET sources - Page class, method DecryptString http://referencesource.microsoft.com/#System.Web/UI/Page.cs,18cf7b1fe99faea6

if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider) {
            // ASP.NET 4.5 Crypto DCR: Go through the new AspNetCryptoServiceProvider
            // if we're configured to do so.
            ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(purpose, CryptoServiceOptions.CacheableOutput);
            clearData = cryptoService.Unprotect(protectedData);
        }
        else {
            // If we're not configured to go through the new crypto routines,
            // fall back to the standard MachineKey crypto routines.
#pragma warning disable 618 // calling obsolete methods
            clearData = MachineKeySection.EncryptOrDecryptData(fEncrypt: false, buf: protectedData, modifier: null, start: 0, length: protectedData.Length, useValidationSymAlgo: false, useLegacyMode: false, ivType: IVType.Hash);
#pragma warning restore 618 // calling obsolete methods
        } 

Are you sure the only difference is HTTP and HTTPS? Maybe the framework version also?

Nevertheless, I used the method DecryptString instead of EncryptOrDecryptData, and the code below is working for me. You can check if this works for you too :)

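// Requires: using System; using System.Reflection; using System.Web.UI;
private static string Decrypt(string webResourceParameter)
{
    // Purpose is a non-public type in System.Web, so it is resolved by its assembly-qualified name.
    var purposeType = Type.GetType("System.Web.Security.Cryptography.Purpose, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a");

    if (purposeType == null)
        return null;

    try
    {
        // The purpose must match the one used when the URL was protected.
        var purpose = Activator.CreateInstance(purposeType, "AssemblyResourceLoader.WebResourceUrl");

        const BindingFlags decryptFlags = BindingFlags.NonPublic | BindingFlags.Static;
        var decryptString = typeof(Page).GetMethod("DecryptString", decryptFlags);

        // The method is not part of the public API and may be missing on other framework versions.
        if (decryptString == null)
            return null;

        var decrypt = decryptString.Invoke(null, new[] { webResourceParameter, purpose }) as string;
        return decrypt;
    }
    catch (Exception)
    {
        // Any failure (wrong keys, tampered value, reflection error) is reported as null.
        return null;
    }
}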
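
An added diagnostic, not part of the original question or answer: it reads the application's machineKey settings through the public configuration API so the development and production servers can be compared for the framework and key differences raised above. The class and method names are hypothetical, and the mapping from compatibilityMode to the ASP.NET 4.5 crypto path is an assumption based on the reference source comment quoted in the answer.

```csharp
using System;
using System.Web.Configuration;

// Added example: call MachineKeyDiagnostics.Describe() from a page inside the
// application on each server and compare the two results.
public static class MachineKeyDiagnostics
{
    public static string Describe()
    {
        var mk = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");

        // Assumption: the AspNetCryptoServiceProvider path is the default
        // when compatibilityMode is Framework45.
        bool newCrypto = mk.CompatibilityMode >= MachineKeyCompatibilityMode.Framework45;

        return string.Join(Environment.NewLine, new[]
        {
            "CLR version:          " + Environment.Version,
            "compatibilityMode:    " + mk.CompatibilityMode,
            "expected path:        " + (newCrypto
                ? "AspNetCryptoServiceProvider (used by Page.DecryptString)"
                : "legacy MachineKeySection.EncryptOrDecryptData"),
            "decryption algorithm: " + mk.Decryption,
            "validation algorithm: " + mk.ValidationAlgorithm,
            "decryptionKey:        " + KeySource(mk.DecryptionKey),
            "validationKey:        " + KeySource(mk.ValidationKey)
        });
    }

    // Reports only where a key comes from; the key material is never returned.
    private static string KeySource(string configured)
    {
        if (string.IsNullOrEmpty(configured) ||
            configured.StartsWith("AutoGenerate", StringComparison.OrdinalIgnoreCase))
        {
            return "auto-generated (values protected here will not decrypt in another application or on another server)";
        }
        return "explicit key in configuration";
    }
}
```

If the two servers report different modes, algorithms or key sources, a value protected on one will fail to decrypt on the other regardless of HTTP or HTTPS.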
