How to gain access to Asp.Net Core encryption keys?

前端 未结 1 1884
独厮守ぢ
独厮守ぢ 2021-01-14 20:18

A cookie provided by call:

await HttpContext.Authentication.SignInAsync(\"MyCookieMiddlewareInstance\", principal);
         


        
1条回答
  •  有刺的猬
    2021-01-14 21:06

    Gaining Access to the Keys
    By default the .net core framework goes to great lengths to keep the keys private and to help the developer to avoid any need for handling the keys. This is good as it's quite difficult for developers to keep keys safe.

    That said, with a change of configuration you can easily gain access to the keys.

    Add the following line of code to the ConfigureServices method of the Startup.cs file. If you use use session, add it below the line for AddSession:

     services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(keyDirPath));
    

    and set keyDirPath to the operating system absolute path of the directory that you'd like the keys stored in. The directory does not need to already exist as the system will create it on the fly. In my case I set directory to a folder named Keys. Here's what the directory looked like after running the code once, it contains one key file:

    The contents of that key file are unencrypted and look like this:

    
      
        2017-03-17T12:21:10.8909291Z
        2017-03-17T12:21:10.8419262Z
        2017-06-15T12:21:10.8419262Z
        
          
            
            
            
              
              BMJ6EY5MbcR0vaXhCbHggQcVsuYc6MnMtQpQm0qL647UBVx0YDbZufqQ+2/XuahFfIY2fJ6BIlOl+LYODnLbrA==
            
          
        
      
    

    WARNING: You should never leave your keys laying around in a totally unprotected state in a folder named keys. Doing so is not a security best practice. But if you are trying to learn about the security system, it's a useful exercise.

    You can learn more about the Data protection services here: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview

    0 讨论(0)
提交回复
热议问题