我在ASP.NET中使用MachineKey.Protect
和MachineKey.Unprotect
加密和解密敏感数据。现在,我正在尝试迁移到ASP.NET Core。我读到它有一个数据保护API。但是我有以下问题,无法在文档中找到答案:
您可以将这些代码用于.net core中的机器密钥保护。也请参见此链接。 AspNetTicketBridge
public async Task InvokeAsync(HttpContext context)
{
try
{
var authorizationToken = context.Request.Headers.FirstOrDefault(q => q.Key.Equals("Authorization")).Value;
// Decrypt the token
var ticket = MachineKeyTicketUnprotector.UnprotectOAuthToken(GetTokenWithoutBearer(authorizationToken), _config.DecryptionKey, _config.ValidationKey);
// The ticket is in v3 format and needs to be converted to v5 (ASP.NET Core 2.0).
// Can use whatever you want for AuthScheme
var newTicket = AuthenticationTicketConverter.Convert(ticket, "");
// If using a custom AuthenticationHandler, you can return the new ticket
// in the HandleAuthenticateAsync method.
var result = AuthenticateResult.Success(newTicket);
if (!result.Succeeded)
await UnAuthorizeRequest(context);
await _next.Invoke(context);
}
catch (Exception)
{
await UnAuthorizeRequest(context);
}
}`