private string Serialize(object stateGraph, Purpose purpose) { string result = null; MemoryStream ms = GetMemoryStream(); try { Serialize(ms, stateGraph); ms.SetLength(ms.Position); byte[] buffer = ms.GetBuffer(); int length = (int)ms.Length; #if !FEATURE_PAL // FEATURE_PAL does not enable cryptography // We only support serialization of encrypted or encoded data through our internal Page constructors if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider && !_forceLegacyCryptography) { // If we're configured to use the new crypto providers, call into them if encryption or signing (or both) is requested. if (_page != null && (_page.RequiresViewStateEncryptionInternal || _page.EnableViewStateMac)) { Purpose derivedPurpose = purpose.AppendSpecificPurposes(GetSpecificPurposes()); ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(derivedPurpose); byte[] protectedData = cryptoService.Protect(ms.ToArray()); buffer = protectedData; length = protectedData.Length; } } else { // Otherwise go through legacy crypto mechanisms #pragma warning disable 618 // calling obsolete methods if (_page != null && _page.RequiresViewStateEncryptionInternal) { buffer = MachineKeySection.EncryptOrDecryptData(true, buffer, GetMacKeyModifier(), 0, length); length = buffer.Length; } // We need to encode if the page has EnableViewStateMac or we got passed in some mac key string else if ((_page != null && _page.EnableViewStateMac) || _macKeyBytes != null) { buffer = MachineKeySection.GetEncodedData(buffer, GetMacKeyModifier(), 0, ref length); } #pragma warning restore 618 // calling obsolete methods } #endif // !FEATURE_PAL result = Convert.ToBase64String(buffer, 0, length); } finally { ReleaseMemoryStream(ms); } return result; }
private object Deserialize(string inputString, Purpose purpose) { if (String.IsNullOrEmpty(inputString)) { throw new ArgumentNullException("inputString"); } byte[] inputBytes = Convert.FromBase64String(inputString); int length = inputBytes.Length; #if !FEATURE_PAL // FEATURE_PAL does not enable cryptography try { if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider && !_forceLegacyCryptography) { // If we're configured to use the new crypto providers, call into them if encryption or signing (or both) is requested. if (_page != null && (_page.ContainsEncryptedViewState || _page.EnableViewStateMac)) { Purpose derivedPurpose = purpose.AppendSpecificPurposes(GetSpecificPurposes()); ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(derivedPurpose); byte[] clearData = cryptoService.Unprotect(inputBytes); inputBytes = clearData; length = clearData.Length; } } else { // Otherwise go through legacy crypto mechanisms #pragma warning disable 618 // calling obsolete methods if (_page != null && _page.ContainsEncryptedViewState) { inputBytes = MachineKeySection.EncryptOrDecryptData(false, inputBytes, GetMacKeyModifier(), 0, length); length = inputBytes.Length; } // We need to decode if the page has EnableViewStateMac or we got passed in some mac key string else if ((_page != null && _page.EnableViewStateMac) || _macKeyBytes != null) { inputBytes = MachineKeySection.GetDecodedData(inputBytes, GetMacKeyModifier(), 0, length, ref length); } #pragma warning restore 618 // calling obsolete methods } } catch { // MSRC 10405: Don't propagate inner exceptions, as they may contain sensitive cryptographic information. PerfCounters.IncrementCounter(AppPerfCounter.VIEWSTATE_MAC_FAIL); ViewStateException.ThrowMacValidationError(null, inputString); } #endif // !FEATURE_PAL object result = null; MemoryStream objectStream = GetMemoryStream(); try { objectStream.Write(inputBytes, 0, length); objectStream.Position = 0; result = Deserialize(objectStream); } finally { ReleaseMemoryStream(objectStream); } return result; }