I need to thread state through the client, but only for particular get requests (aka links). As such, I don't want to add this state to the client's ViewState, cluttering it up. The state needs to be encrypted. How can I create a new ViewState-like dictionary and encrypt it with the key and settings from MachineKey in machine.config? If the dictionary component isn't exposed, how can I encrpyt/decrypt strings using the key from machine.config. I don't want to add more configuration that must be replicated across our server farm to duplicate existing functionality.
views:
30answers:
1
A:
The machine key configuration is accessible through System.Web.Configuration.MachineKeySection which has no public methods besides a constructor and Reset.
Decryption of strings is handled by the following method:
.method assembly hidebysig static string
DecryptStringWithIV(string s,
valuetype System.Web.Configuration.IVType ivType) cil managed
Which calls
.method assembly hidebysig static uint8[]
EncryptOrDecryptData(bool fEncrypt,
uint8[] buf,
uint8[] modifier,
int32 start,
int32 length,
bool useValidationSymAlgo,
bool useLegacyMode,
valuetype System.Web.Configuration.IVType ivType) cil managed
These are both private; the encryption/decryption functionality isn't exposed. It might be possible to access decryption through implementations of System.Web.IHttpHandler by constructing an HttpContext, though I'm not sure where one could go to call the encryption functionality.
Cirdec
2010-08-11 14:50:24
Even without doing the decryption myself, I can't find a way to access this functionality in a generic handler: see: http://stackoverflow.com/questions/2722377/viewstate-in-a-ashx-handler
Cirdec
2010-08-11 16:12:56
http://www.codinginstinct.com/2008/09/encrypt-cookie-using-machine-key.html
Cirdec
2010-08-11 23:35:58
The only way to get to this stuff directly is through reflection.
Cirdec
2010-09-04 03:54:12