C# 根据 Guid 与 40Char 十六进制字符串 (UUID) 结合创建身份验证令牌

发布于 2024-09-14 19:54:59 字数 1599 浏览 7 评论 0 原文

我正在编写一个驱动 iPhone 应用程序的 asp.net MVC 应用程序。

我希望 Iphone 向我发送其 UUID，如下所示：

2b6f0cc904d137be2e1730235f5664094b831186

在服务器上，我想生成一个 Guid：

466853EB-157D-4795-B4D4-32658D85A0E0

在 Iphone 和服务器上，我需要一个简单的算法将这两个值组合成可以传递的身份验证令牌。 iPhone 和 ASP.NET MVC 应用程序都需要能够根据 UUID 和 GUID 反复计算该值。

因此，这需要是一个简单的算法，没有来自 .net 框架的库。

完整解决方案在这里

        public void Test()
        {    
            var DeviceId = Guid.NewGuid();
            var newId = "2b6f0cc904d137be2e1730235f5664094b831186";

            var guidBytes = DeviceId.ToByteArray();
            var iphoneBytes = StringToByteArray(newId);
            byte[] xor = new byte[guidBytes.Length];

            for (int i=0;i<guidBytes.Length;i++)
            {
                xor[i] = (byte) (guidBytes[i] ^ iphoneBytes[i]);
            }

            var result = ByteArrayToString(xor);               
        }

        public static byte[] StringToByteArray(String hex)
        {
            int NumberChars = hex.Length;
            byte[] bytes = new byte[NumberChars / 2];
            for (int i = 0; i < NumberChars; i += 2)
                bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
            return bytes;
        }

        public static string ByteArrayToString(byte[] ba)
        {
            StringBuilder hex = new StringBuilder(ba.Length * 2);
            foreach (byte b in ba)
                hex.AppendFormat("{0:x2}", b);
            return hex.ToString();
        }

原文

I am writing an asp.net MVC app that drives an IPhone application.

I want the Iphone to send me its UUID looks like this:

2b6f0cc904d137be2e1730235f5664094b831186

On the server I want to generate a Guid:

466853EB-157D-4795-B4D4-32658D85A0E0

On both the Iphone and the Server I need a simple aglorithm to combine these 2 values into an Auth token that can be passed around. Both the IPhone and the ASP.NET MVC app need to be able to compute the value over and over based on the UUID and the GUID.

So this needs to be a simple algorithm with no libraries from the .net framework.

Full Solution Here

        public void Test()
        {    
            var DeviceId = Guid.NewGuid();
            var newId = "2b6f0cc904d137be2e1730235f5664094b831186";

            var guidBytes = DeviceId.ToByteArray();
            var iphoneBytes = StringToByteArray(newId);
            byte[] xor = new byte[guidBytes.Length];

            for (int i=0;i<guidBytes.Length;i++)
            {
                xor[i] = (byte) (guidBytes[i] ^ iphoneBytes[i]);
            }

            var result = ByteArrayToString(xor);               
        }

        public static byte[] StringToByteArray(String hex)
        {
            int NumberChars = hex.Length;
            byte[] bytes = new byte[NumberChars / 2];
            for (int i = 0; i < NumberChars; i += 2)
                bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
            return bytes;
        }

        public static string ByteArrayToString(byte[] ba)
        {
            StringBuilder hex = new StringBuilder(ba.Length * 2);
            foreach (byte b in ba)
                hex.AppendFormat("{0:x2}", b);
            return hex.ToString();
        }

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

暮光沉寂 2024-09-21 19:54:59

嗯，iPhone ID 看起来像一个十六进制字符串，因此将两者转换为二进制并对字节进行异或操作应该可以做到这一点。您可以根据需要将结果存储为数组、十六进制字符串或 base-64 编码字符串。

然而，您将其称为“身份验证令牌”的方式有点令人担忧。会话 ID 必须是不可预测的。您可以考虑在服务器上生成一组加密随机数据而不是 GUID。

编辑

// Convert the server GUID to a byte array.
byte[] guidBytes = severGuid.ToByteArray();

// Convert the iPhone device ID to an array
byte[] idBytes = StringToByteArray(iPhoneId);

遗憾的是，.NET 似乎没有内置方法来转换十六进制字符串或从十六进制字符串转换，但这个主题之前已经介绍过：将字节数组转换为十六进制字符串，反之亦然

// Once you've XORed the bytes, conver the result to a string.
string outputString = ByteArrayToString(outputBytes);

Well, the iPhone ID looks like a hex string, so converting both to binary and XORing the bytes ought to do it. You could store the result as an array, hex string, or base-64 encoded string as appropriate.

The way you refer to this as an "auth token" is a little concerning, however. Session ids must be unpredictable. You might consider generating an array of cryptographically random data on the server instead of a GUID.

Edit

// Convert the server GUID to a byte array.
byte[] guidBytes = severGuid.ToByteArray();

// Convert the iPhone device ID to an array
byte[] idBytes = StringToByteArray(iPhoneId);

Sadly, it seems .NET doesn't have a built-in method to convert to/from hex strings, but this subject has been covered before: Convert byte array to hex string and vice versa

// Once you've XORed the bytes, conver the result to a string.
string outputString = ByteArrayToString(outputBytes);

回复收藏 0 原文

天暗了我发光 2024-09-21 19:54:59

作为旁注，我使用过的所有“身份验证令牌”机制（至少）将一个常量值（“秘密”）与当前时间连接起来，然后将它们散列在一起，然后发送散列和日期。然后，服务器根据接收到的日期和已知的“秘密”重建哈希值，然后与接收到的哈希值（签名）进行比较。
我的观点是“与日期连接”——这使得生成的签名每次都不同，理论上应该更安全。