Sign Session Token with Machine Key #44

Closed
benfoster opened this Issue · 8 comments

4 participants

@benfoster

Is it possible to configure the Session Token to be signed using the machine key specified in web.config?

Currently we're using a constant which feels dirty:

    SessionToken = new SessionTokenConfiguration
    {
        SigningKey = Constants.SessionTokenSigningKey
    }

@johnkwaters

If you are going to deploy this to a webfarm, or load balanced with several web roles in Azure, the key needs to be the same on all machines, so a constant is actually a good idea. You could put the constant in web.config, or in Azure in your cscfg.

@benfoster
@johnkwaters

Ah, I see, so you are thinking something like:

    SessionToken = new SessionTokenConfiguration
    {
        SigningKeyMode = SessionTokenSigningKeyMode.UseMachineKey
    }

And then the SessionTokenConfig would know to go and read the Machine Key, and call its Encode and Decode methods?

@benfoster
@leastprivilege

@brockallen Is there an easy way to get to the machine key validation byte[] ?

@brockallen
Owner

    using System.Configuration;

    // Converts one hex digit to its value (0-15); returns -1 for a non-hex character.
    public static int HexToInt(char h)
    {
        if ((h >= '0') && (h <= '9'))
        {
            return (h - '0');
        }
        if ((h >= 'a') && (h <= 'f'))
        {
            return ((h - 'a') + 10);
        }
        if ((h >= 'A') && (h <= 'F'))
        {
            return ((h - 'A') + 10);
        }
        return -1;
    }

    // Decodes a hex string to bytes; returns null for null, odd-length or non-hex input.
    public static byte[] HexToBinary(string data)
    {
        if ((data == null) || ((data.Length % 2) != 0))
        {
            return null;
        }
        byte[] buffer = new byte[data.Length / 2];
        for (int i = 0; i < buffer.Length; i++)
        {
            int num2 = HexToInt(data[2 * i]);
            int num3 = HexToInt(data[(2 * i) + 1]);
            if ((num2 == -1) || (num3 == -1))
            {
                return null;
            }
            buffer[i] = (byte)((num2 << 4) | num3);
        }
        return buffer;
    }

    // Read the <machineKey> section from web.config and decode its validationKey.
    var mkConfig = (System.Web.Configuration.MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey");
    var key = HexToBinary(mkConfig.ValidationKey);
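
As an added example (not part of the original thread or the project's code), here is a stricter version of the lookup above: it rejects an auto-generated or malformed `validationKey` instead of returning null, and derives a purpose-specific key with HMAC-SHA256 rather than using the machine key bytes directly. The class and method names, the 32-byte minimum and the purpose label are assumptions.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web.Configuration;

// Added example; the class and method names are hypothetical.
public static class MachineKeySigningKey
{
    // Decodes a <machineKey validationKey="..."> value, throwing on bad input
    // so a misconfiguration fails at startup instead of yielding a null key.
    public static byte[] ParseValidationKey(string value)
    {
        // The default "AutoGenerate,IsolateApps" differs per machine, so tokens
        // signed on one web farm node would not validate on another.
        if (string.IsNullOrWhiteSpace(value) ||
            value.StartsWith("AutoGenerate", StringComparison.OrdinalIgnoreCase))
            throw new ConfigurationErrorsException("Set machineKey validationKey explicitly.");
        if (value.Length % 2 != 0)
            throw new ConfigurationErrorsException("validationKey has an odd number of hex digits.");

        var bytes = new byte[value.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
        {
            char hi = value[2 * i], lo = value[2 * i + 1];
            if (!Uri.IsHexDigit(hi) || !Uri.IsHexDigit(lo))
                throw new ConfigurationErrorsException("validationKey is not hexadecimal.");
            bytes[i] = (byte)((Uri.FromHex(hi) << 4) | Uri.FromHex(lo));
        }
        // Assumed minimum: 32 bytes, matching the HMAC-SHA256 output size.
        if (bytes.Length < 32)
            throw new ConfigurationErrorsException("validationKey is shorter than 32 bytes.");
        return bytes;
    }

    // Binds the key to one purpose so the session token key is not the raw machine key.
    public static byte[] DeriveKey(byte[] validationKey, string purpose)
    {
        using (var hmac = new HMACSHA256(validationKey))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(purpose));
    }

    public static byte[] FromWebConfig()
    {
        var section = (MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey");
        return DeriveKey(ParseValidationKey(section.ValidationKey), "SessionToken.SigningKey");
    }
}
```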

@brockallen
Owner

Is there still anything open related to this, or can we close the issue?

@benfoster

I haven't tested it yet but it looks like it answers my question.

@benfoster closed this