public string Serialize(object stateGraph)
{
string str = null;
MemoryStream memoryStream = GetMemoryStream();
try
{
this.Serialize(memoryStream, stateGraph);
memoryStream.SetLength(memoryStream.Position);
byte[] buf = memoryStream.GetBuffer();
int length = (int)memoryStream.Length;
if ((this._page != null) && this._page.RequiresViewStateEncryptionInternal)
{
buf = MachineKeySection.EncryptOrDecryptData(true, buf, this.GetMacKeyModifier(), 0, length);
length = buf.Length;
}
else if (((this._page != null) && this._page.EnableViewStateMac) || (this._macKeyBytes != null))
{
buf = MachineKeySection.GetEncodedData(buf, this.GetMacKeyModifier(), 0, ref length);
}
str = Convert.ToBase64String(buf, 0, length);
}
finally
{
ReleaseMemoryStream(memoryStream);
}
return(str);
}
public static string Encode(byte[] data, MachineKeyProtection protectionOption)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
//////////////////////////////////////////////////////////////////////
// Step 1: Get the MAC and add to the blob
if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Validation)
{
byte[] bHash = MachineKeySection.HashData(data, null, 0, data.Length);
byte[] bAll = new byte[bHash.Length + data.Length];
Buffer.BlockCopy(data, 0, bAll, 0, data.Length);
Buffer.BlockCopy(bHash, 0, bAll, data.Length, bHash.Length);
data = bAll;
}
if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Encryption)
{
//////////////////////////////////////////////////////////////////////
// Step 2: Encryption
data = MachineKeySection.EncryptOrDecryptData(true, data, null, 0, data.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
}
//////////////////////////////////////////////////////////////////////
// Step 3: Covert the buffer to HEX string and return it
return(CryptoUtil.BinaryToHex(data));
}
internal static byte[] Decode(CookieProtection cookieProtection, string data, Purpose purpose)
{
byte[] buf = HttpServerUtility.UrlTokenDecode(data);
if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
{
// If we're configured to go through the new crypto routines, do so.
ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(purpose);
return(cryptoService.Unprotect(buf));
}
#pragma warning disable 618 // calling obsolete methods
// Otherwise fall back to using MachineKeySection.
if (buf == null || cookieProtection == CookieProtection.None)
{
return(buf);
}
if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Encryption)
{
buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length);
if (buf == null)
{
return(null);
}
}
if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Validation)
{
return(MachineKeySection.GetUnHashedData(buf));
}
return(buf);
#pragma warning restore 618 // calling obsolete methods
}
internal static String Encrypt(FormsAuthenticationTicket ticket, bool hexEncodedTicket)
{
if (ticket == null)
{
throw new ArgumentNullException("ticket");
}
Initialize();
//////////////////////////////////////////////////////////////////////
// Step 1a: Make it into a binary blob
byte[] bBlob = MakeTicketIntoBinaryBlob(ticket);
if (bBlob == null)
{
return(null);
}
//////////////////////////////////////////////////////////////////////
// Step 1b: If new crypto routines are enabled, call them instead.
if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
{
ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(Purpose.FormsAuthentication_Ticket);
byte[] protectedData = cryptoService.Protect(bBlob);
bBlob = protectedData;
}
else
{
#pragma warning disable 618 // calling obsolete methods
// otherwise..
//////////////////////////////////////////////////////////////////////
// Step 2: Get the MAC and add to the blob
if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Validation)
{
byte[] bMac = MachineKeySection.HashData(bBlob, null, 0, bBlob.Length);
if (bMac == null)
{
return(null);
}
byte[] bAll = new byte[bMac.Length + bBlob.Length];
Buffer.BlockCopy(bBlob, 0, bAll, 0, bBlob.Length);
Buffer.BlockCopy(bMac, 0, bAll, bBlob.Length, bMac.Length);
bBlob = bAll;
}
if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Encryption)
{
//////////////////////////////////////////////////////////////////////
// Step 3: Do the actual encryption
// DevDiv Bugs 137864: Include a random IV if under the right compat mode
// for improved encryption semantics
bBlob = MachineKeySection.EncryptOrDecryptData(true, bBlob, null, 0, bBlob.Length, false, false, IVType.Random);
}
#pragma warning restore 618 // calling obsolete methods
}
//if (!hexEncodedTicket)
// return HttpServerUtility.UrlTokenEncode(bBlob);
//else
return(CryptoUtil.BinaryToHex(bBlob));
}
private static string Encrypt(FormsAuthenticationTicket ticket, bool hexEncodedTicket)
{
if (ticket == null)
{
throw new ArgumentNullException("ticket");
}
Initialize();
byte[] buf = MakeTicketIntoBinaryBlob(ticket);
if (buf == null)
{
return(null);
}
if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Validation))
{
byte[] src = MachineKeySection.HashData(buf, null, 0, buf.Length);
if (src == null)
{
return(null);
}
byte[] dst = new byte[src.Length + buf.Length];
Buffer.BlockCopy(buf, 0, dst, 0, buf.Length);
Buffer.BlockCopy(src, 0, dst, buf.Length, src.Length);
buf = dst;
}
if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Encryption))
{
buf = MachineKeySection.EncryptOrDecryptData(true, buf, null, 0, buf.Length, false, false, IVType.Random);
}
if (!hexEncodedTicket)
{
return(HttpServerUtility.UrlTokenEncode(buf));
}
return(MachineKeySection.ByteArrayToHexString(buf, 0));
}
internal static string Encode(CookieProtection cookieProtection, byte[] buf, int count)
{
if ((cookieProtection == CookieProtection.All) || (cookieProtection == CookieProtection.Validation))
{
byte[] src = MachineKeySection.HashData(buf, null, 0, count);
if (src == null)
{
return(null);
}
if (buf.Length >= (count + src.Length))
{
Buffer.BlockCopy(src, 0, buf, count, src.Length);
}
else
{
byte[] buffer2 = buf;
buf = new byte[count + src.Length];
Buffer.BlockCopy(buffer2, 0, buf, 0, count);
Buffer.BlockCopy(src, 0, buf, count, src.Length);
}
count += src.Length;
}
if ((cookieProtection == CookieProtection.All) || (cookieProtection == CookieProtection.Encryption))
{
buf = MachineKeySection.EncryptOrDecryptData(true, buf, null, 0, count);
count = buf.Length;
}
if (count < buf.Length)
{
byte[] buffer3 = buf;
buf = new byte[count];
Buffer.BlockCopy(buffer3, 0, buf, 0, count);
}
return(HttpServerUtility.UrlTokenEncode(buf));
}
public static byte[] Decode(string encodedData, MachineKeyProtection protectionOption)
{
if (encodedData == null)
{
throw new ArgumentNullException("encodedData");
}
if ((encodedData.Length % 2) != 0)
{
throw new ArgumentException(null, "encodedData");
}
byte[] buf = null;
try
{
buf = MachineKeySection.HexStringToByteArray(encodedData);
}
catch
{
throw new ArgumentException(null, "encodedData");
}
if ((buf == null) || (buf.Length < 1))
{
throw new ArgumentException(null, "encodedData");
}
if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Encryption))
{
buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
if (buf == null)
{
return(null);
}
}
if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Validation))
{
if (buf.Length < MachineKeySection.HashSize)
{
return(null);
}
byte[] src = buf;
buf = new byte[src.Length - MachineKeySection.HashSize];
Buffer.BlockCopy(src, 0, buf, 0, buf.Length);
byte[] buffer3 = MachineKeySection.HashData(buf, null, 0, buf.Length);
if ((buffer3 == null) || (buffer3.Length != MachineKeySection.HashSize))
{
return(null);
}
for (int i = 0; i < buffer3.Length; i++)
{
if (buffer3[i] != src[buf.Length + i])
{
return(null);
}
}
}
return(buf);
}
public byte[] EncryptOrDecryptData(bool encrypt, byte[] buffer, bool useLegacyMode)
{
// DevDiv Bugs 137864: Use IVType.None for compatibility with stored passwords even after SP20 compat mode enabled.
// This is the ONLY case IVType.None should be used.
// We made changes to how encryption takes place in response to MSRC 10405. Membership needs to opt-out of
// these changes (by setting signData to false) to preserve back-compat with existing databases.
#pragma warning disable 618 // calling obsolete methods
return(MachineKeySection.EncryptOrDecryptData(encrypt, buffer, (byte[])null, 0, buffer.Length, false /* useValidationSymAlgo */, useLegacyMode, IVType.None, false /*Sign*/));
#pragma warning restore 618 // calling obsolete methods
}
internal static string Encode(CookieProtection cookieProtection, byte [] buf, Purpose purpose)
{
if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
{
// If we're configured to go through the new crypto routines, do so.
ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(purpose);
return(HttpServerUtility.UrlTokenEncode(cryptoService.Protect(buf)));
}
#pragma warning disable 618 // calling obsolete methods
// Otherwise fall back to using MachineKeySection.
int count = buf.Length;
if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Validation)
{
byte[] bMac = MachineKeySection.HashData(buf, null, 0, count);
if (bMac == null)
{
return(null);
}
if (buf.Length >= count + bMac.Length)
{
Buffer.BlockCopy(bMac, 0, buf, count, bMac.Length);
}
else
{
byte[] bTemp = buf;
buf = new byte[count + bMac.Length];
Buffer.BlockCopy(bTemp, 0, buf, 0, count);
Buffer.BlockCopy(bMac, 0, buf, count, bMac.Length);
}
count += bMac.Length;
}
if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Encryption)
{
buf = MachineKeySection.EncryptOrDecryptData(true, buf, null, 0, count);
count = buf.Length;
}
if (count < buf.Length)
{
byte[] bTemp = buf;
buf = new byte[count];
Buffer.BlockCopy(bTemp, 0, buf, 0, count);
}
#pragma warning restore 618 // calling obsolete methods
return(HttpServerUtility.UrlTokenEncode(buf));
}
public static string Encode(byte[] data, MachineKeyProtection protectionOption)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Validation))
{
byte[] src = MachineKeySection.HashData(data, null, 0, data.Length);
byte[] dst = new byte[src.Length + data.Length];
Buffer.BlockCopy(data, 0, dst, 0, data.Length);
Buffer.BlockCopy(src, 0, dst, data.Length, src.Length);
data = dst;
}
if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Encryption))
{
data = MachineKeySection.EncryptOrDecryptData(true, data, null, 0, data.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
}
return(MachineKeySection.ByteArrayToHexString(data, 0));
}
public object Deserialize(string inputString)
{
if (string.IsNullOrEmpty(inputString))
{
throw new ArgumentNullException("inputString");
}
byte[] buf = Convert.FromBase64String(inputString);
int length = buf.Length;
try
{
if ((this._page != null) && this._page.ContainsEncryptedViewState)
{
buf = MachineKeySection.EncryptOrDecryptData(false, buf, this.GetMacKeyModifier(), 0, length);
length = buf.Length;
}
else if (((this._page != null) && this._page.EnableViewStateMac) || (this._macKeyBytes != null))
{
buf = MachineKeySection.GetDecodedData(buf, this.GetMacKeyModifier(), 0, length, ref length);
}
}
catch
{
PerfCounters.IncrementCounter(AppPerfCounter.VIEWSTATE_MAC_FAIL);
ViewStateException.ThrowMacValidationError(null, inputString);
}
object obj2 = null;
MemoryStream memoryStream = GetMemoryStream();
try
{
memoryStream.Write(buf, 0, length);
memoryStream.Position = 0L;
obj2 = this.Deserialize(memoryStream);
}
finally
{
ReleaseMemoryStream(memoryStream);
}
return(obj2);
}
internal static byte[] Decode(CookieProtection cookieProtection, string data)
{
byte[] buf = HttpServerUtility.UrlTokenDecode(data);
if ((buf == null) || (cookieProtection == CookieProtection.None))
{
return(buf);
}
if ((cookieProtection == CookieProtection.All) || (cookieProtection == CookieProtection.Encryption))
{
buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length);
if (buf == null)
{
return(null);
}
}
if ((cookieProtection != CookieProtection.All) && (cookieProtection != CookieProtection.Validation))
{
return(buf);
}
return(MachineKeySection.GetUnHashedData(buf));
}
public static byte[] Decode(string encodedData, MachineKeyProtection protectionOption)
{
if (encodedData == null)
{
throw new ArgumentNullException("encodedData");
}
if ((encodedData.Length % 2) != 0)
{
throw new ArgumentException(null, "encodedData");
}
byte[] data = null;
try {
//////////////////////////////////////////////////////////////////////
// Step 1: Covert the HEX string to byte array
data = CryptoUtil.HexToBinary(encodedData);
}
catch {
throw new ArgumentException(null, "encodedData");
}
if (data == null || data.Length < 1)
{
throw new ArgumentException(null, "encodedData");
}
if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Encryption)
{
//////////////////////////////////////////////////////////////////
// Step 2: Decrypt the data
data = MachineKeySection.EncryptOrDecryptData(false, data, null, 0, data.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
if (data == null)
{
return(null);
}
}
if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Validation)
{
//////////////////////////////////////////////////////////////////
// Step 3a: Remove the hash from the end of the data
if (data.Length < MachineKeySection.HashSize)
{
return(null);
}
byte[] originalData = data;
data = new byte[originalData.Length - MachineKeySection.HashSize];
Buffer.BlockCopy(originalData, 0, data, 0, data.Length);
//////////////////////////////////////////////////////////////////
// Step 3b: Calculate the hash and make sure it matches
byte[] bHash = MachineKeySection.HashData(data, null, 0, data.Length);
if (bHash == null || bHash.Length != MachineKeySection.HashSize)
{
return(null); // Sizes don't match
}
for (int iter = 0; iter < bHash.Length; iter++)
{
if (bHash[iter] != originalData[data.Length + iter])
{
return(null); // Mis-match found
}
}
}
return(data);
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Decrypt and get the auth ticket
/// <devdoc>
/// <para>Given an encrypted authenitcation ticket as
/// obtained from an HTTP cookie, this method returns an instance of a
/// FormsAuthenticationTicket class.</para>
/// </devdoc>
public static FormsAuthenticationTicket Decrypt(string encryptedTicket)
{
if (String.IsNullOrEmpty(encryptedTicket) || encryptedTicket.Length > MAX_TICKET_LENGTH)
{
throw new ArgumentException(SR.GetString(SR.InvalidArgumentValue, "encryptedTicket"));
}
Initialize();
byte[] bBlob = null;
if ((encryptedTicket.Length % 2) == 0) // Could be a hex string
{
try {
bBlob = CryptoUtil.HexToBinary(encryptedTicket);
} catch { }
}
if (bBlob == null)
{
bBlob = HttpServerUtility.UrlTokenDecode(encryptedTicket);
}
if (bBlob == null || bBlob.Length < 1)
{
throw new ArgumentException(SR.GetString(SR.InvalidArgumentValue, "encryptedTicket"));
}
int ticketLength;
if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
{
// If new crypto routines are enabled, call them instead.
ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(Purpose.FormsAuthentication_Ticket);
byte[] unprotectedData = cryptoService.Unprotect(bBlob);
ticketLength = unprotectedData.Length;
bBlob = unprotectedData;
}
else
{
#pragma warning disable 618 // calling obsolete methods
// Otherwise call into MachineKeySection routines.
if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Encryption)
{
// DevDiv Bugs 137864: Include a random IV if under the right compat mode
// for improved encryption semantics
bBlob = MachineKeySection.EncryptOrDecryptData(false, bBlob, null, 0, bBlob.Length, false, false, IVType.Random);
if (bBlob == null)
{
return(null);
}
}
ticketLength = bBlob.Length;
if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Validation)
{
if (!MachineKeySection.VerifyHashedData(bBlob))
{
return(null);
}
ticketLength -= MachineKeySection.HashSize;
}
#pragma warning restore 618 // calling obsolete methods
}
//////////////////////////////////////////////////////////////////////
// Step 4: Change binary ticket to managed struct
// ** MSRC 11838 **
// Framework20 / Framework40 ticket generation modes are insecure. We should use a
// secure serialization mode by default.
if (!AppSettings.UseLegacyFormsAuthenticationTicketCompatibility)
{
return(FormsAuthenticationTicketSerializer.Deserialize(bBlob, ticketLength));
}
// ** MSRC 11838 **
// If we have reached this point of execution, the developer has explicitly elected
// to continue using the insecure code path instead of the secure one. We removed
// the Framework40 serialization mode, so everybody using the legacy code path is
// forced to Framework20.
int iSize = ((ticketLength > MAX_TICKET_LENGTH) ? MAX_TICKET_LENGTH : ticketLength);
StringBuilder name = new StringBuilder(iSize);
StringBuilder data = new StringBuilder(iSize);
StringBuilder path = new StringBuilder(iSize);
byte [] pBin = new byte[4];
long [] pDates = new long[2];
int iRet = UnsafeNativeMethods.CookieAuthParseTicket(bBlob, ticketLength,
name, iSize,
data, iSize,
path, iSize,
pBin, pDates);
if (iRet != 0)
{
return(null);
}
DateTime dt1 = DateTime.FromFileTime(pDates[0]);
DateTime dt2 = DateTime.FromFileTime(pDates[1]);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket((int)pBin[0],
name.ToString(),
dt1,
dt2,
(bool)(pBin[1] != 0),
data.ToString(),
path.ToString());
return(ticket);
}
public byte[] EncryptOrDecryptData(bool encrypt, byte[] buffer, bool useLegacyMode)
{
return(MachineKeySection.EncryptOrDecryptData(encrypt, buffer, null, 0, buffer.Length, false, useLegacyMode, IVType.None, false));
}
public static FormsAuthenticationTicket Decrypt(string encryptedTicket)
{
if (string.IsNullOrEmpty(encryptedTicket) || (encryptedTicket.Length > 0x1000))
{
throw new ArgumentException(System.Web.SR.GetString("InvalidArgumentValue", new object[] { "encryptedTicket" }));
}
Initialize();
byte[] buf = null;
if ((encryptedTicket.Length % 2) == 0)
{
try
{
buf = MachineKeySection.HexStringToByteArray(encryptedTicket);
}
catch
{
}
}
if (buf == null)
{
buf = HttpServerUtility.UrlTokenDecode(encryptedTicket);
}
if ((buf == null) || (buf.Length < 1))
{
throw new ArgumentException(System.Web.SR.GetString("InvalidArgumentValue", new object[] { "encryptedTicket" }));
}
if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Encryption))
{
buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length, false, false, IVType.Random);
if (buf == null)
{
return(null);
}
}
int length = buf.Length;
if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Validation))
{
if (!MachineKeySection.VerifyHashedData(buf))
{
return(null);
}
length -= MachineKeySection.HashSize;
}
if (!AppSettings.UseLegacyFormsAuthenticationTicketCompatibility)
{
return(FormsAuthenticationTicketSerializer.Deserialize(buf, length));
}
int capacity = (length > 0x1000) ? 0x1000 : length;
StringBuilder szName = new StringBuilder(capacity);
StringBuilder szData = new StringBuilder(capacity);
StringBuilder szPath = new StringBuilder(capacity);
byte[] pBytes = new byte[4];
long[] pDates = new long[2];
if (System.Web.UnsafeNativeMethods.CookieAuthParseTicket(buf, length, szName, capacity, szData, capacity, szPath, capacity, pBytes, pDates) != 0)
{
return(null);
}
DateTime issueDate = DateTime.FromFileTime(pDates[0]);
return(new FormsAuthenticationTicket(pBytes[0], szName.ToString(), issueDate, DateTime.FromFileTime(pDates[1]), pBytes[1] != 0, szData.ToString(), szPath.ToString()));
}
