This article is a supplement to the cookie issues that need to be considered when upgrading from ASP.NET 1.1 to ASP.NET 2.0. It uses sample code to illustrate how to obtain randomly generated cookie encryption and verification keys in ASP.NET 1.1 and ASP.NET 2.0 through reflection. .
ASP.NET 1.1 sample code:
object machineKeyConfig = HttpContext.Current.GetConfig("system.web/machineKey");
//Get an instance of System.Web.Configuration.MachineKey+MachineKeyConfig. MachineKeyConfig is a nested class of MachineKey.
Type machineKeyType = machineKeyConfig.GetType().Assembly.GetType("System.Web.Configuration.MachineKey");
//Get System.Web.Configuration.MachineKey type
BindingFlags bf = BindingFlags.NonPublic | BindingFlags.Static;
//Set binding flag
MethodInfo byteArrayToHexString = machineKeyType.GetMethod("ByteArrayToHexString", bf);
//Get the ByteArrayToHexString method in MachineKey through reflection, which is used to convert the byte array into a hexadecimal string
Byte[] validationKey = (Byte[])machineKeyType.GetField("s_validationKey",bf).GetValue (machineKeyConfig);
//Get the verification key byte array
SymmetricAlgorithm algorithm = (SymmetricAlgorithm)machineKeyType.GetField("s_oDes",bf).GetValue(machineKeyConfig);
Byte[] decryptionKey = algorithm.Key;
//Get the encryption key byte array
string ValidationKey = (string)byteArrayToHexString.Invoke(null,new object[]{validationKey,validationKey.Length});
//Convert the verification key byte array into a string represented by hexadecimal
string DecryptionKey = (string)byteArrayToHexString.Invoke(null,new object[]{decryptionKey,decryptionKey.Length});
//Convert the encryption key byte array into a string represented by hexadecimal
ASP.NET 2.0 sample code:
System.Web.Configuration.MachineKeySection machineKeySection = new System.Web.Configuration.MachineKeySection();
//Directly create an instance of MachineKeySection. In ASP.NET 2.0, machineKeySection is used to replace MachineKey in ASP.NET 1.1, and it can be accessed directly and is not protected internally.
Type type = typeof(System.Web.Configuration.MachineKeySection);//or machineKeySection.GetType();
PropertyInfo propertyInfo = type.GetProperty("ValidationKeyInternal", BindingFlags.NonPublic | BindingFlags.Instance);
Byte[] validationKeyArray = (Byte[])propertyInfo.GetValue(machineKeySection, null);
//Get the randomly generated verification key byte array
propertyInfo = type.GetProperty("DecryptionKeyInternal", BindingFlags.NonPublic | BindingFlags.Instance);
Byte[] decryptionKeyArray = (Byte[])propertyInfo.GetValue(machineKeySection, null);
//Get the randomly generated encryption key byte array
MethodInfo byteArrayToHexString = type.GetMethod("ByteArrayToHexString", BindingFlags.Static | BindingFlags.NonPublic);
//Obtain the ByteArrayToHexString method in MachineKeySection through reflection, which is used to convert the byte array into a hexadecimal string.
string validationKey = (string)byteArrayToHexString.Invoke(null, new object[] { validationKeyArray, validationKeyArray.Length });
//Convert the verification key byte array into a string represented by hexadecimal
string DecryptionKey = (string)byteArrayToHexString.Invoke(null, new object[] { decryptionKeyArray, decryptionKeyArray.Length });
//Convert the encryption key byte array into a hexadecimal string
//Author's Blog: http://dudu.cnblogs.com