这是我的第一个问题和第一篇英文帖子,所以请耐心等待。
我正在开发 ASP.NET MVC Web Api RESTful 应用程序。对于用户身份验证,我想使用加密令牌。我的想法适用于本地主机:用户请求令牌地址/令牌,在标头中包含身份验证:昵称:密码,服务器返回加密令牌,用户将在每次下一个请求中使用它。因此,用户发送带有标头 auth-token: encryptedToken 的请求,服务器将解密此令牌并验证用户。在我的本地主机上,一切都很好。上传到服务器后:(免费用户使用 ASP.NET 4.0)我要求我的令牌,服务器使用此令牌响应(现在一切正常),然后我将发出下一个请求并将我的令牌包含在标头中,服务器尝试解密它在那里崩溃。我知道,它在我设置 RSACryptoServiceProvider 他的私钥的地方部分崩溃(在加密时设置公钥效果很好)。
public class RSAHelper
{
private static string _privateKey = "<?xml version=\"1.0\" encoding=\"utf-16\"?>\r\n<RSAParameters xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">\r\n <Exponent>AQAB</Exponent>\r\n <Modulus>rrEAoxIBFkfvoLr8vvT2Z3CKHKtpXiAPIYKbgtiP/B8YAOhDo1W3dD4MKX05eXn0jFifXBoy2WbGTacE88NocXoSUWVH4a7d3Bm4hfeNawfSSHEpkO0xryU6xF0PdfqO+Vc6y9gajYugUkAdougqaall4TwjsfZ/XUVl6GkTOws=</Modulus>\r\n <P>zDkpvahctB77Hx/4W1Yfp5rCC3B7rL9CHvf+L1rQdEgooK2NI4Nz6uTixgTTmyRSLRdGLIZRAjAUVFNdYaIbCw==</P>\r\n <Q>2vsc41/NtLKoCwUtuXyvx4o0c3/RNVLws3VpQ2Ct+2kHt15siO9IwCTTQPgbUi52e8cbh7w3wwWoLwsugAdgAQ==</Q>\r\n <DP>DcOYhZjQTq9721grQ/SlA4XRqDW3kCf/y9iJACYNwJiQbGvmBEu6x00P36q5nE4xX6qe5ydSVGRrKlfIBmmHiw==</DP>\r\n <DQ>uhlOo613lGmAhl0QTuK4QEwj50Ro93hVNy5BFxHCyjaoaB3G/1jb6u9g2YYBMgZqiybbLq+2c/cKx3ApRIUAAQ==</DQ>\r\n <InverseQ>H0BA/DVxNa/JukiqHYe+xuYtblCL04o7pCoAvx/5BFBqHAFOP8Vg0R16WNNoABUGDRTYe7AkWUAquqW9uVWaLw==</InverseQ>\r\n <D>LGyCtvVrJVlhzMQAZicxShjKZoQIpZENh/4IwfuEkh7uIbzvBmhT4NGukhZwOT4UPGSFEgzvhW2nXDPvBHZa5qT/JknF0juT/B6goa+suMjYupAYk/8oIJuF8ez9MWQ1Blouc+/6Gxoh8tRsRpixoRXbX0kUrz8DdEgjSxp8gAE=</D>\r\n</RSAParameters>";
private static string _publicKey = "<?xml version=\"1.0\" encoding=\"utf-16\"?>\r\n<RSAParameters xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">\r\n <Exponent>AQAB</Exponent>\r\n <Modulus>rrEAoxIBFkfvoLr8vvT2Z3CKHKtpXiAPIYKbgtiP/B8YAOhDo1W3dD4MKX05eXn0jFifXBoy2WbGTacE88NocXoSUWVH4a7d3Bm4hfeNawfSSHEpkO0xryU6xF0PdfqO+Vc6y9gajYugUkAdougqaall4TwjsfZ/XUVl6GkTOws=</Modulus>\r\n</RSAParameters>";
private static UnicodeEncoding _encoder = new UnicodeEncoding();
public static string Decrypt(string data)
{
try
{
var bytesCypherText = Convert.FromBase64String(data);
//rsa.FromXmlString(_privateKey);
//get a stream from the string
var sr = new System.IO.StringReader(_privateKey);
//we need a deserializer
var xs = new System.Xml.Serialization.XmlSerializer(typeof(RSAParameters));
//get the object back from the stream
var privKey = (RSAParameters)xs.Deserialize(sr);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(privKey); //-------- here is the problem
var bytesPlainTextData = rsa.Decrypt(bytesCypherText, false);
//get our original plainText back...
var plainTextData = System.Text.Encoding.Unicode.GetString(bytesPlainTextData);
return plainTextData;
}
catch (Exception)
{
throw new RSAException();
}
}
public static string Encrypt(string data)
{
try
{
var rsa = new RSACryptoServiceProvider();
//rsa.FromXmlString(_publicKey);
//get a stream from the string
var sr = new System.IO.StringReader(_publicKey);
//we need a deserializer
var xs = new System.Xml.Serialization.XmlSerializer(typeof(RSAParameters));
//get the object back from the stream
var pubKey = (RSAParameters)xs.Deserialize(sr);
rsa.ImportParameters(pubKey);
var dataToEncrypt = System.Text.Encoding.Unicode.GetBytes(data);
var bytesCypherText = rsa.Encrypt(dataToEncrypt, false);
return Convert.ToBase64String(bytesCypherText);
}
catch (Exception ex)
{
throw new RSAException();
}
}
public class RSAException : Exception
{
public RSAException() : base("RSA Encryption Error") { }
}
}
抱歉那里有点乱,但我正在努力解决我的问题,我非常绝望。2天后完全没有进展,同样的问题在同一个地方!
我正在尝试 3 个教程或提示: http: //msdn.microsoft.com/cs-cz/library/system.security.cryptography.rsacryptoserviceprovider (v=vs.110).aspx
如何为asp.net mvc 4 web api进行基于角色的授权
我将非常感谢任何帮助
编辑//经过长时间的谷歌搜索,有一些关于类似问题的帖子。对于私钥,我需要完全信任的权限,实际上我有共享服务器。是否有任何现代解决方案可以使其在共享服务器下工作?关于的帖子:
http://www.codeproject.com/Articles/20950/Using-RSA-Public-Key-Encryption-in-a-Shared-Web-Ho
and
http://forums.asp.net/t/983896.aspx