问题
I am using HMACSHA256 for message authentication in a web-farm environment.
Within the web-farm each machine has the same machine key, so the ViewState will work across machines, however, I need to do HMAC message authentication which will work across machines, so I figured that since all machines use the same machine key, there should be a way to derive a key from that to use as the HMAC key.
I notice that as of .NET 4.0 there is the MachineKey class, however, I am stuck with using .NET 3.5, and this is unavailable to me.
Is there a way to get some sort key that is the same on all machines without generating my own, for use in an ASP.NET 3.5 environment?
Edit
I don't actually need the machine key itself, just the validation key that is derived from the machine key (or equivalent).
回答1:
You can read the machine key from the web.config. This link shows how to do so: http://aspnetresources.com/blog/how_to_read_auto_generated_machinekey
Keep in mind, that the author of the article reads the generated machine key - so you have to do some changes in the code.
I just read the article a little bit more and saw, that it uses reflection, which isn't neccessary, if you store the machine key inside the web.config. Essentially it breaks down to this line:
MachineKeySection section = (MachineKeySection)
ConfigurationManager.GetSection ("system.web/machineKey");
来源:https://stackoverflow.com/questions/14141066/getting-current-machinekey-or-equivilent-for-hmac-in-web-farm