ASP.NET machineKey 配置部分默认位置
在哪里可以找到 ASP.NET 的 machineKey 配置部分?
我的应用程序 Web.config 中没有,根 Web.config 中也没有,我的机器中也没有.config。
这是否意味着 ASP.NET 中还硬编码了一些其他默认值?如果是这样,默认值是什么?(对于 .NET 2 和 4)
阅读以下内容:http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
我希望在某个地方找到类似的东西:
<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
/>
编辑: 1.1 文档对于默认值似乎相当清晰: http:// /msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx 但这 4 个文档相当模糊 http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
Where do I find the machineKey config section for ASP.NET?
I don't have one in my application Web.config, there isn't one in the root Web.config and there isn't one in my machine.config.
Does this mean there is some other default hardcoded into ASP.NET? If so, what are the defaults? (For .NET 2 and 4)
Having read this: http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
i was expecting to find something like this, somewhere:
<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
/>
Edit: the 1.1 docs seem fairly clear wrt default values: http://msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx but the 4 docs are rather ambiguous http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
machineKey位于web.config中的System.web条目下,请参阅 web.config 架构的 MSDN 链接。
如果您在 web.config 中没有看到它,您可以将其添加到那里。
再次来自 MSDN :-)
提供防篡改 ViewState,一种哈希消息身份验证代码(HMAC) 是根据 ViewState 内容生成的,并在后续请求中比较哈希值。 的validation属性指示使用哪种散列算法,默认为SHA1,它使用HMACSHA1算法。散列的有效选择包括SHA1或MD5,尽管SHA1更可取,因为它产生更大的散列并且被认为在密码学上比 MD5 更强。的validationKey 属性与ViewState 内容结合使用来生成HMAC。如果您的应用程序安装在网络场中,则需要将validationKey从AutoGenerate,IsolateApps更改为特定的手动生成的键值。
对于 machineKey,它们是
EDIT :
对于 .NET 4.0,默认算法已更改为 SHA256
我认为查找默认值的最简单方法是查看 MSDN 中此配置值的条目。
machinekey 的 MSDN 4.0 如下。所选值是默认值。
[] 中的值是该字段可以采用的其他可选值。
我记得在某个地方读过,这是 MSDN 中表示配置值默认值的典型方式。
machineKeyis situated underSystem.webentry inweb.configRefer MSDN link for web.config Schema.
If you dont see it in your web.config, you can just add it there.
From MSDN again :-)
To provide tamper proof ViewState, a hashed message authentication code (HMAC) is generated from the ViewState content and the hash is compared on subsequent requests. The validation attribute of the indicates which hashing algorithm to use, and it defaults to SHA1, which uses the HMACSHA1 algorithm. Valid choices for hashing include SHA1 or MD5, although SHA1 is preferable because it produces a larger hash and is considered cryptographically stronger than MD5. The validationKey attribute of is used in conjunction with the ViewState content to produce the HMAC. If your application is installed in a Web farm, you need to change the validationKey from AutoGenerate,IsolateApps to a specific manually generated key value.
The default settings for the
<pages>and<machineKey>elements are defined in the machine-level web.config.comments file.For machineKey, they are
EDIT :
For .NET 4.0 the default algorithm has been changed to SHA256
I think that the easiest way of finding the defaults is to see the entry in the MSDN for this config value.
MSDN 4.0 for machinekey is as below. The values selected are the default values.
The values in [] are the other optional values that the field can take.
I remember reading someplace this is the typical way in MSDN of denoting defaults for the config values.