ASP.NET machineKey 配置部分默认位置

发布于 2024-09-24 00:14:31 字数 905 浏览 7 评论 0原文

在哪里可以找到 ASP.NET 的 machineKey 配置部分?

我的应用程序 Web.config 中没有,根 Web.config 中也没有,我的机器中也没有.config。

这是否意味着 ASP.NET 中还硬编码了一些其他默认值?如果是这样,默认值是什么?(对于 .NET 2 和 4)

阅读以下内容:http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx

我希望在某个地方找到类似的东西:

<machineKey 
    validationKey="AutoGenerate,IsolateApps" 
    decryptionKey="AutoGenerate,IsolateApps" 
/>

编辑: 1.1 文档对于默认值似乎相当清晰: http:// /msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx 但这 4 个文档相当模糊 http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx

Where do I find the machineKey config section for ASP.NET?

I don't have one in my application Web.config, there isn't one in the root Web.config and there isn't one in my machine.config.

Does this mean there is some other default hardcoded into ASP.NET? If so, what are the defaults? (For .NET 2 and 4)

Having read this: http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx

i was expecting to find something like this, somewhere:

<machineKey 
    validationKey="AutoGenerate,IsolateApps" 
    decryptionKey="AutoGenerate,IsolateApps" 
/>

Edit: the 1.1 docs seem fairly clear wrt default values: http://msdn.microsoft.com/en-us/library/w8h3skw9(VS.71).aspx but the 4 docs are rather ambiguous http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

凉栀 2024-10-01 00:14:31

machineKey 位于 web.config 中的 System.web 条目下,

请参阅 web.config 架构的 MSDN 链接

如果您在 web.config 中没有看到它,您可以将其添加到那里。

再次来自 MSDN :-)

提供防篡改 ViewState,一种哈希消息身份验证代码(HMAC) 是根据 ViewState 内容生成的,并在后续请求中比较哈希值。 的validation属性指示使用哪种散列算法,默认为SHA1,它使用HMACSHA1算法。散列的有效选择包括SHA1或MD5,尽管SHA1更可取,因为它产生更大的散列并且被认为在密码学上比 MD5 更强。的validationKey 属性与ViewState 内容结合使用来生成HMAC。如果您的应用程序安装在网络场中,则需要将validationKey从AutoGenerate,IsolateApps更改为特定的手动生成的键值。

元素的默认设置在计算机级 web.config.comments 文件中定义。

对于 machineKey,它们是

<machineKey validationKey="AutoGenerate,IsolateApps"  
            decryptionKey="AutoGenerate,IsolateApps" 
            validation="SHA1" decryption="Auto" />

EDIT :
对于 .NET 4.0,默认算法已更改SHA256
我认为查找默认值的最简单方法是查看 MSDN 中此配置值的条目。

machinekey 的 MSDN 4.0 如下。所选值是默认值。
[] 中的值是该字段可以采用的其他可选值。
我记得在某个地方读过,这是 MSDN 中表示配置值默认值的典型方式。

<machineKey 
  validationKey="AutoGenerate,IsolateApps" [String]
  decryptionKey="AutoGenerate,IsolateApps" [String]
  validation="HMACSHA256" [SHA1 | MD5 | 3DES | AES | HMACSHA256 | 
    HMACSHA384 | HMACSHA512 | alg:algorithm_name]
  decryption="Auto" [Auto | DES | 3DES | AES | alg:algorithm_name]
/>

machineKey is situated under System.web entry in web.config

Refer MSDN link for web.config Schema.

If you dont see it in your web.config, you can just add it there.

From MSDN again :-)

To provide tamper proof ViewState, a hashed message authentication code (HMAC) is generated from the ViewState content and the hash is compared on subsequent requests. The validation attribute of the indicates which hashing algorithm to use, and it defaults to SHA1, which uses the HMACSHA1 algorithm. Valid choices for hashing include SHA1 or MD5, although SHA1 is preferable because it produces a larger hash and is considered cryptographically stronger than MD5. The validationKey attribute of is used in conjunction with the ViewState content to produce the HMAC. If your application is installed in a Web farm, you need to change the validationKey from AutoGenerate,IsolateApps to a specific manually generated key value.

The default settings for the <pages> and <machineKey> elements are defined in the machine-level web.config.comments file.

For machineKey, they are

<machineKey validationKey="AutoGenerate,IsolateApps"  
            decryptionKey="AutoGenerate,IsolateApps" 
            validation="SHA1" decryption="Auto" />

EDIT :
For .NET 4.0 the default algorithm has been changed to SHA256
I think that the easiest way of finding the defaults is to see the entry in the MSDN for this config value.

MSDN 4.0 for machinekey is as below. The values selected are the default values.
The values in [] are the other optional values that the field can take.
I remember reading someplace this is the typical way in MSDN of denoting defaults for the config values.

<machineKey 
  validationKey="AutoGenerate,IsolateApps" [String]
  decryptionKey="AutoGenerate,IsolateApps" [String]
  validation="HMACSHA256" [SHA1 | MD5 | 3DES | AES | HMACSHA256 | 
    HMACSHA384 | HMACSHA512 | alg:algorithm_name]
  decryption="Auto" [Auto | DES | 3DES | AES | alg:algorithm_name]
/>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文