开发者

Question about HttpCookies

I need to generate a cookie that has a secret value which I am the only one to know it .

Ideas ?

UPDATE

I have a handler page which is available for everyone I call this page to get RSSFeed using Ajax . What I need to do is preventing other people from forging HttpRequest and get the data returned I've tried to use Authentication forms but no good also I heared about nonce to开发者_StackOverflow社区ken stuffs but I have no Idea how to use it . !

UPDATE2

Read This this exactly my problem ..


Generally storing sensitive information in a cookie is a bad idea, but you could encrypt it with a key that is only known to the server if the cookie isn't being used client-side. You can use the AesManaged class to encrypt it, and store the Key somewhere safe, such as a file with locked down ACLs.

Here is an example of how to do so.

public string GetEncryptedCookieValue(string cookieKey)
{
    using (var aes = new AesManaged())
    {
        aes.Key = new byte[0];//TODO: Replace this with getting the secret key.
        aes.IV = new byte[0];//TODO: Replace this with getting the secret IV.
        var cookie = Request.Cookies[cookieKey];
        var data = Convert.FromBase64String(cookie.Value);
        using (var transform = aes.CreateDecryptor())
        {
            var clearData = transform.TransformFinalBlock(data, 0, data.Length);
            return Encoding.UTF8.GetString(clearData);
        }
    }
}

public void SetEncryptedCookieValue(string cookieKey, string value)
{
    using (var aes = new AesManaged())
    {
        aes.Key = new byte[0];//TODO: Replace this with getting the secret key.
        aes.IV = new byte[0];//TODO: Replace this with getting the secret IV.
        var clearData = Encoding.UTF8.GetBytes(value);
        using (var transform = aes.CreateEncryptor())
        {
            var data = transform.TransformFinalBlock(clearData, 0, clearData.Length);
            Response.SetCookie(new HttpCookie(cookieKey, Convert.ToBase64String(data)));
        }
    } 
}

Again, I would stress that storing sensitive information in a cookie is a practice that should be discouraged. If you update your question to what you are trying to accomplish, perhaps there is a more reasonable solution.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜