An ASP.NET Core 8 MVC application uses cookie authentication defined in startup.cs:
    services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(@"Voti"));
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"Voti"));
            options.Cookie = new CookieBuilder()
            {
                Name = ".EevaAuth",
                IsEssential = true,
                SameSite = SameSiteMode.Strict
            };
            options.LoginPath = new PathString("/Account/LogOn");
            options.ReturnUrlParameter = "returnUrl";
            options.SlidingExpiration = true;
            options.ExpireTimeSpan = TimeSpan.FromDays(30);
        });
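The controller parses its own log file. The log file contains authentication
How to manually decrypt an ASP.NET Core authentication cookie?
The HTTP request log file records HTTP requests. The log contains the authentication cookie in a header, for example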
Cookie: .EevaAuth=CfDJ8ArEl-fh9A1DvMRTXwPoRF9c7eL8Jfy0__CVs5Fm_zPCFzpDmZbQFE-Y9hqt5YbWMLwJo0jL99KPOVp1xp1rTm6FOgozhmZU6yAVY7KMzNDeb1MCrp7QqzlVABXkYPo-2 nTgFDGEYTqp_2iKJ6Kb54eWFhV4tYHWCDSNdwvNWUS2R6uekt9q6nj2rz8hfA4K2uh1tAoW_NkJFfEbc8mYhOoIQrlnSv9ZUPafywn2EI2MR-33k08i-GqI6ZwU9oA7yndywhh_VwEq0 oJ-xMm0vCpJsjQdzEjdKH-gJufGy-BdHeEmpzepvTiUjPWGl3XNIHtjzxvTF_J-78oou5173BgbGqggAHCf9BeGWbZL0LTlo54etO5QbSYtRFr3P3AHWg
Tried to decrypt the cookie using the code from "How to manually decrypt an ASP.NET Core authentication cookie?":
    public string DecryptCookie()
    {
        var provider = DataProtectionProvider.Create(new DirectoryInfo(@"Voti"));
        string cookieValue = HttpContext.Request.Cookies[".EevaAuth"];
        var dataProtector = provider.CreateProtector(
            "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", ".EevaAuth", "v2");
        UTF8Encoding specialUtf8Encoding = new UTF8Encoding(false, true);
        byte[] protectedBytes = Base64UrlTextEncoder.Decode(cookieValue);
        byte[] plainBytes = dataProtector.Unprotect(protectedBytes);
        string plainText = specialUtf8Encoding.GetString(plainBytes);
        return plainText;
    }
This code throws an exception:
    System.Security.Cryptography.CryptographicException: The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning
       at Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(Byte* pbCiphertext, UInt32 cbCiphertext, Byte* pbAdditionalAuthenticatedData, UInt32 cbAdditionalAuthenticatedData)
       at Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(ArraySegment`1 ciphertext, ArraySegment`1 additionalAuthenticatedData)
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
       at MyApp.Controllers.Erp.AboutController.DecryptCookie()
How to decrypt a .NET 8 cookie? Authentication is the same as in the application created for other users.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(options => { ...
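Refer to cookie authentication: when cookie authentication is set up with CookieAuthenticationDefaults.AuthenticationScheme, the AuthenticationScheme value is set to "Cookies" by default.
Therefore, when creating the data protector, we need to use the "Cookies" scheme instead of ".EevaAuth".
To fix the problem, you can modify the code as follows: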
    public string DecryptCookie()
    {
        var provider = DataProtectionProvider.Create(new DirectoryInfo(@"Voti"));
        string cookieValue = HttpContext.Request.Cookies[".EevaAuth"];
        var dataProtector = provider.CreateProtector(
            "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Cookies", "v2"); //change the AuthenticationScheme value
        UTF8Encoding specialUtf8Encoding = new UTF8Encoding(false, true);
        byte[] protectedBytes = Base64UrlTextEncoder.Decode(cookieValue);
        byte[] plainBytes = dataProtector.Unprotect(protectedBytes);
        string plainText = specialUtf8Encoding.GetString(plainBytes);
        return plainText;
    }
The result in my sample looks like this:
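
Added example, not part of the original question or answer: a console program that issues a cookie value under the "Cookies" scheme and then tries to read it with each purpose chain, showing that the scheme name (not the cookie name) is part of the data protection purposes. It reads the payload with TicketDataFormat, because the plaintext is a serialized AuthenticationTicket rather than UTF-8 text. The temporary key directory and the "demo-user" claim are constructed, and the project is assumed to reference the Microsoft.AspNetCore.App shared framework.

```csharp
using System;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;

// Constructed setup: a throwaway key directory stands in for the app's "Voti" key ring.
var keyDir = new DirectoryInfo(Path.Combine(Path.GetTempPath(), "dp-demo-keys"));
var provider = DataProtectionProvider.Create(keyDir);

const string Middleware =
    "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware";
string scheme = CookieAuthenticationDefaults.AuthenticationScheme; // "Cookies"

// Issue a cookie value with the purpose chain (middleware, scheme name, "v2").
var identity = new ClaimsIdentity(
    new[] { new Claim(ClaimTypes.Name, "demo-user") }, scheme);
var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), scheme);
string cookieValue =
    new TicketDataFormat(provider.CreateProtector(Middleware, scheme, "v2")).Protect(ticket);

// Returns the user name from the ticket, or null when the purposes do not match
// (TicketDataFormat.Unprotect swallows the crypto failure and returns null).
string? ReadUser(string schemePurpose)
{
    var format = new TicketDataFormat(
        provider.CreateProtector(Middleware, schemePurpose, "v2"));
    return format.Unprotect(cookieValue)?.Principal.Identity?.Name;
}

Console.WriteLine($".EevaAuth purpose: {ReadUser(".EevaAuth") ?? "(unreadable)"}");
Console.WriteLine($"Cookies purpose:   {ReadUser(scheme) ?? "(unreadable)"}");

// The raw protector surfaces the failure as the exception from the question.
try
{
    provider.CreateProtector(Middleware, ".EevaAuth", "v2")
            .Unprotect(Base64UrlTextEncoder.Decode(cookieValue));
}
catch (CryptographicException ex)
{
    Console.WriteLine($"Raw Unprotect with wrong purpose: {ex.Message}");
}
```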