ASP.NET MVC 3 AntiForgeryToken 和自定义 MachineKey 配置
当在 Web.Config 中自定义配置 MachineKey 时,我们遇到了 ASP.NET MVC 3 AntiForgeryToken HTML 帮助程序的一些问题。如果将 MachineKey 更改为以下内容(取自 Microsoft HowTo 指南,了解如何配置机器密钥),则很容易重现该错误。
<machineKey
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"/>
AntiForgeryToken 抛出的异常如下:
[IndexOutOfRangeException: Index was outside the bounds of the array.]
System.Web.Configuration.MachineKeySection.SetInnerOuterKeys(Byte[] validationKey, Byte[]& inner, Byte[]& outer) +11499173
System.Web.Configuration.MachineKeySection.ConfigureEncryptionObject() +228
System.Web.Configuration.MachineKeySection.EnsureConfig() +287
System.Web.Configuration.MachineKeySection.HashData(Byte[] buf, Byte[] modifier, Int32 start, Int32 length) +46
System.Web.Security.MachineKey.Encode(Byte[] data, MachineKeyProtection protectionOption) +58
System.Web.Helpers.AntiForgeryDataSerializer.<.ctor>b__2(Byte[] bytes) +13
System.Web.Helpers.AntiForgeryDataSerializer.Serialize(AntiForgeryData token) +365
System.Web.Helpers.AntiForgeryWorker.GetAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, String salt, String domain, String path) +326
System.Web.Helpers.AntiForgeryWorker.GetHtml(HttpContextBase httpContext, String salt, String domain, String path) +28
System.Web.Helpers.AntiForgery.GetHtml(HttpContextBase httpContext, String salt, String domain, String path) +75
System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path) +48
这是 ASP.NET MVC 3 Html Helper 生成 AntiForgeryToken 的错误吗?或者我在配置机器密钥方面遗漏了一些东西?
We've run into some issues with ASP.NET MVC 3 AntiForgeryToken HTML helper when having a custom configured MachineKey in Web.Config. The error is easy to reproduce if you change your MachineKey to the following (taken from Microsoft HowTo-guide on how to configure machine key).
<machineKey
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"/>
The exception thrown by AntiForgeryToken is as follow:
[IndexOutOfRangeException: Index was outside the bounds of the array.]
System.Web.Configuration.MachineKeySection.SetInnerOuterKeys(Byte[] validationKey, Byte[]& inner, Byte[]& outer) +11499173
System.Web.Configuration.MachineKeySection.ConfigureEncryptionObject() +228
System.Web.Configuration.MachineKeySection.EnsureConfig() +287
System.Web.Configuration.MachineKeySection.HashData(Byte[] buf, Byte[] modifier, Int32 start, Int32 length) +46
System.Web.Security.MachineKey.Encode(Byte[] data, MachineKeyProtection protectionOption) +58
System.Web.Helpers.AntiForgeryDataSerializer.<.ctor>b__2(Byte[] bytes) +13
System.Web.Helpers.AntiForgeryDataSerializer.Serialize(AntiForgeryData token) +365
System.Web.Helpers.AntiForgeryWorker.GetAntiForgeryTokenAndSetCookie(HttpContextBase httpContext, String salt, String domain, String path) +326
System.Web.Helpers.AntiForgeryWorker.GetHtml(HttpContextBase httpContext, String salt, String domain, String path) +28
System.Web.Helpers.AntiForgery.GetHtml(HttpContextBase httpContext, String salt, String domain, String path) +75
System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path) +48
Is this a bug in the ASP.NET MVC 3 Html Helper to generate the AntiForgeryToken? Or am I missing something in regards to configuring machine keys?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看起来我搞砸了钥匙 - 使用 http://aspnetresources.com/tools/machineKey 我是能够生成有效的 machineKey 配置部分。
It looks like I screwed up the keys - using http://aspnetresources.com/tools/machineKey I was able to generate a valid machineKey config section.