问题描述
我需要使用 URL 重写模块将 USERNAME 附加到服务器端的 URL.
I have requirement to append USERNAME to the URL in server side using URL Rewrite module.
为什么?:我有网站 site1,当用户登录到 site1 时,他会看到一个指向 site2. 的链接,这个链接是 URL 或报告.(表).已在 site1 中使用 FormAuthentication 创建了经过身份验证的票证.当 USER 单击链接时,应将经过身份验证的 用户名 传递给 site2.
Why?: I have website site1, when USER logs in to site1, he will see a link to site2., This link is URL or reports. (Tableau). Authenticated ticket has been created using FormAuthentication in site1. When USER clicks the link, authenticated username should be passed to site2.
我可以从客户端附加用户名,但由于安全问题,我必须在执行之前将用户名附加到服务器端的 URL.
I could append username from client side, but due to security issues I have to append username to URL in server side before it gets executed.
所以我决定使用 URL 重写提供程序,它通过解密 cookie 值来获取 用户名,如下所示
So I have decided to use URL rewrite provider, which grabs the username by decrypting the cookie value as shown below
namespace PlatformAnalysisUrlProvider.PlatformAnalysisProvider
{
class AnalysisRewriteProvider: IRewriteProvider, IProviderDescriptor
{
public void Initialize(IDictionary<string, string> settings,
IRewriteContext rewriteContext)
{
}
public string Rewrite(string value)
{
string[] cookievalues = value.Spli('=');
FormAuthentication ticket = FormAuthentication.Decrypt(cookievalues[1]);
//Decrypt throws error as shown below
}
}
}
Cookie 值
cookievalues [0] = has the key
cookievalues [1] = has the value
示例:
233AWJDKSHFHFDSHFJKDFDKJFHDKJFKDJFHDHFDHFKJHDFKJHDFJHDKJFHDSKJFHDF
这是一个 cookie 值.但是解密没有发生
It's a cookie value. But decrypt is not happening
我收到以下错误
Unable to validate data.
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(
Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start,
Int32 length, IVType ivType, Boolean useValidationSymAlgo,
Boolean signData)
这是我在 IIS 中用于 URL 重写的设置
Here is my settings in IIS for URL Rewrite
- 请求的 URL:匹配模式
- 使用:正则表达式
- 忽略大小写 - 已检查
- 条件 -输入:{HTTP_COOKIE}类型:匹配模式模式:.*
- 操作类型 - 重写
- 重写 URL - http://11.155.011.123{HTTP_URL}&USERNAME={PlatformAnalysisUrlProvider:{C:0}}
- Requested URL: Matches the Patterns
- Using: Regular Expression
- Ignore Case - Checked
- Conditions - Input : {HTTP_COOKIE} Type : Matches the Pattern Pattern : .*
- Action Type - Rewrite
- Rewrite URL - http://11.155.011.123{HTTP_URL}&USERNAME={PlatformAnalysisUrlProvider:{C:0}}
其中一个堆栈溢出帖子表明这可能是防火墙或防病毒问题.但是我没有安装杀毒软件或防火墙.
One of the stack overflow post suggested that it might be firewall or antivirus issue. But I do not have antivirus installed or firwall enabled.
如果有人将我引导到使用 IIS 和 URL 重写提供程序托管的网站的代码示例,这真的很有帮助.
It really helps if someone direct me to code sample where web site hosted in IIS and URL Rewrite provider is used.
更新错误日志
MODULE_SET_RESPONSE_ERROR_STATUS通知 - PRE_BEGIN_REQUEST"HttpReason - URL 重写模块错误"
MODULE_SET_RESPONSE_ERROR_STATUS Notification - "PRE_BEGIN_REQUEST" HttpReason - "URL Rewrite Module Error"
使用机器密钥信息更新帖子
<MachineKey Description="AES" validation="SHA1"
descriptionKey="******"
validationKey="******" CompatibilityMode="Framework20SP2">
可能的原因 - 创建 cookie 的网站是使用 .NET Framework 4.5 开发的.我们读取 cookie 的提供者是 Framework 3.5.这可能是原因吗?或者我们是否需要 Provider 项目的配置文件?
Reason May be - The website where cookie getting created is developed using .NET Framework 4.5. The provider where we reading the cookie is Framework 3.5. Is this may be the cause? OR Do we need config file for Provider project?
更新 - 我已将机器密钥添加到 Machine.config ,但它仍然不起作用:(
Updates - I have added machine key to Machine.config , but it still did not work :(
替代解决方案
将 App.config 添加到类库
Add App.config to class Library
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<!-- ... -->
<add key="SecurityKey" value="somevalue"/>
<!-- ... -->
</appSettings>
</configuration>
复制配置到 GAC关注此博客 - http://techphile.blogspot.in/2007/02/2.html
加密值(参考这里) 并在登录时创建自定义 cookie
Encrypt the value (refer here) and create custom cookie during Login
推荐答案
关于这个的好处是,这个错误是一个一般的解密错误,而不是 URL Rewrite 本身的错误,这样你就可以有更广泛的区域来搜索帮助.URL Rewrite 的机制似乎是正确的.
The good thing about this is that the error is a general decryption error and not one with URL Rewrite itself, so that gives you a wider area to search for help. The mechanics of URL Rewrite seem to be right.
解密意味着必须使用与解密相同的方法对其进行加密.所以它必须是正确的 cookie 和正确的解密方法.
Decrypting means that it must be encrypted by the same method as you're decrypting it. So it has to be the right cookie and the right decryption method.
由于您没有检查读取的是哪个 cookie,如果错误的 cookie 在 cookie 列表中排在第一位,您可能会得到意想不到的结果.
Since you're not checking which cookie that you're reading from, you could get unexpected results if the wrong cookie is first in the list of cookies.
以下是我建议的解决此问题的一些步骤:
Here are some steps that I recommend to troubleshoot this:
- 创建一个简单的 URL 重写规则,该规则将为您提供 cookie 的价值.我在下面的示例中创建了一个规则来做到这一点.您可以通过访问 yoursite.com/getcookie 来测试它.它应该重定向到 yoursite.com/?Cookie={cookievalue}
- 然后,您可以在 URL 重写提供程序之外测试您的代码.您可以创建一个简单的控制台应用或 winforms 应用来测试其余代码.
- 我建议先检查 cookie 是否存在,然后再次检查第二个值.例如:if (cookievalues[1] != null).
- 在开发解密方法时,您不必担心 URL Rewrite.只要它在 .NET 中的测试应用程序中工作,那么你应该设置.
<rule name="Get cookie value" stopProcessing="true">
<match url="^getcookie" />
<action type="Redirect" url="/?Cookie={HTTP_COOKIE}" appendQueryString="false" redirectType="Found" />
</rule>这篇关于读取 cookie 值:使用 URL 重写提供程序模块 - 无法在 System.Web.Configuration.MachineKeySection.EncryptOrDecryptData 进行验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,WP2