MachineKey生成
安全警告:
只需单击一下按钮,您就可以通过许多网站生成 <machineKey> 元素。切勿使用通过这些网站获得的 <machineKey> 元素。这些密钥是否安全创建或者是否记录到秘密数据库,都无从而知。必须使用您自己创建的 <machineKey> 配置元素。
打开PowerShell然后粘贴以下代码回车
1 # 生成一个可复制并粘贴到 Web.config 文件中的 <machineKey> 元素。 2 function Generate-MachineKey { 3 [CmdletBinding()] 4 param ( 5 [ValidateSet("AES", "DES", "3DES")] 6 [string]$decryptionAlgorithm = 'AES', 7 [ValidateSet("MD5", "SHA1", "HMACSHA256", "HMACSHA384", "HMACSHA512")] 8 [string]$validationAlgorithm = 'HMACSHA256' 9 ) 10 process { 11 function BinaryToHex { 12 [CmdLetBinding()] 13 param($bytes) 14 process { 15 $builder = new-object System.Text.StringBuilder 16 foreach ($b in $bytes) { 17 $builder = $builder.AppendFormat([System.Globalization.CultureInfo]::InvariantCulture, "{0:X2}", $b) 18 } 19 $builder 20 } 21 } 22 switch ($decryptionAlgorithm) { 23 "AES" { $decryptionObject = new-object System.Security.Cryptography.AesCryptoServiceProvider } 24 "DES" { $decryptionObject = new-object System.Security.Cryptography.DESCryptoServiceProvider } 25 "3DES" { $decryptionObject = new-object System.Security.Cryptography.TripleDESCryptoServiceProvider } 26 } 27 $decryptionObject.GenerateKey() 28 $decryptionKey = BinaryToHex($decryptionObject.Key) 29 $decryptionObject.Dispose() 30 switch ($validationAlgorithm) { 31 "MD5" { $validationObject = new-object System.Security.Cryptography.HMACMD5 } 32 "SHA1" { $validationObject = new-object System.Security.Cryptography.HMACSHA1 } 33 "HMACSHA256" { $validationObject = new-object System.Security.Cryptography.HMACSHA256 } 34 "HMACSHA385" { $validationObject = new-object System.Security.Cryptography.HMACSHA384 } 35 "HMACSHA512" { $validationObject = new-object System.Security.Cryptography.HMACSHA512 } 36 } 37 $validationKey = BinaryToHex($validationObject.Key) 38 $validationObject.Dispose() 39 [string]::Format([System.Globalization.CultureInfo]::InvariantCulture, 40 "<machineKey decryption=`"{0}`" decryptionKey=`"{1}`" validation=`"{2}`" validationKey=`"{3}`" />", 41 $decryptionAlgorithm.ToUpperInvariant(), $decryptionKey, 42 $validationAlgorithm.ToUpperInvariant(), $validationKey) 43 } 44 }
对于 ASP.NET 4.0 应用程序,您只需调用 Generate-MachineKey(不带参数),就能生成 <machineKey> 元素,如下所示:
PS> Generate-MachineKey <machineKey decryption="AES" decryptionKey="..." validation="HMACSHA256" validationKey="..."/>
ASP.NET 2.0 和 3.5 应用程序不支持 HMACSHA256。您可以改为指定 SHA1 来生成一个兼容的 <machineKey> 元素,如下所示:
PS> Generate-MachineKey -validation sha1 <machineKey decryption="AES" decryptionKey="..." validation="SHA1" validationKey="..."/>
