How to obtain random cookie encryption and verification keys in ASP. NET

This article is a supplement to the cookie issue that needs to be considered when upgrading from ASP. ne t 1.1 to ASP. NET 2.0. Code This section describes how to obtain random cookie encryption and verification keys in ASP. NET 1.1 and ASP. NET 2.0 through reflection.
Sample Code for ASP. NET 1.1: Object Machinekeyconfig = Httpcontext. Current. getconfig ( " System. Web/machinekey " );
// Obtain the instance of system. Web. configuration. machinekey + machinekeyconfig. machinekeyconfig is a nested class of machinekey.

Type machinekeytype = Machinekeyconfig. GetType (). Assembly. GetType ( " System. Web. configuration. machinekey " );
// Obtain the system. Web. configuration. machinekey type.

Bindingflags BF = Bindingflags. nonpublic | Bindingflags. Static;
// Set binding flag

Methodinfo bytearraytohexstring = Machinekeytype. getmethod ( " Bytearraytohexstring " , BF );
// Obtain the bytearraytohexstring method in the machinekey through reflection. This method is used to convert a byte array to a hex string.

Byte [] validationkey = (Byte []) machinekeytype. getfield ( " S_validationkey " , BF). getvalue (machinekeyconfig );
// Obtain the verification key byte array
Symmetricalgorithm Algorithm = (Symmetricalgorithm) machinekeytype. getfield ( " S_odes " , BF). getvalue (machinekeyconfig );
Byte [] decryptionkey = Algorithm. Key;
// Obtain the Encrypted Key byte array
String Validationkey = ( String ) Bytearraytohexstring. Invoke ( Null , New   Object [] {Validationkey, validationkey. Length });
// Converts the verification key byte array to a hex string.
String Decryptionkey = ( String ) Bytearraytohexstring. Invoke ( Null , New   Object [] {Decryptionkey, decryptionkey. Length });
// Converts an encrypted key byte array to a hexadecimal string.

Sample Code for ASP. NET 2.0:System. Web. configuration. machinekeysection =   New System. Web. configuration. machinekeysection ();
// Directly create an instance of machinekeysection. in ASP. NET 2.0, use machinekeysection to replace the machinekey in ASP. NET 1.1, which can be accessed directly without being protected by internal.
Type type =   Typeof (System. Web. configuration. machinekeysection ); // Or machinekeysection. GetType ();

Propertyinfo = Type. getproperty ( " Validationkeyinternal " , Bindingflags. nonpublic | Bindingflags. instance );
Byte [] validationkeyarray = (Byte []) propertyinfo. getvalue (machinekeysection, Null );
// Obtain the randomly generated verification key byte array

Propertyinfo = Type. getproperty ( " Decryptionkeyinternal " , Bindingflags. nonpublic | Bindingflags. instance );
Byte [] decryptionkeyarray = (Byte []) propertyinfo. getvalue (machinekeysection, Null );
// Obtain a random array of encrypted key bytes

Methodinfo bytearraytohexstring = Type. getmethod ( " Bytearraytohexstring " , Bindingflags. Static | Bindingflags. nonpublic );
// Obtain the bytearraytohexstring method in machinekeysection through reflection. This method is used to convert a byte array to a hex string.
String Validationkey = ( String ) Bytearraytohexstring. Invoke ( Null , New   Object [] {Validationkeyarray, validationkeyarray. Length });
// Converts the verification key byte array to a hex string.
String Decryptionkey = ( String ) Bytearraytohexstring. Invoke ( Null , New   Object [] {Decryptionkeyarray, decryptionkeyarray. Length });
// Converts an encrypted key byte array to a hexadecimal string.

//Author's blog:Http://dudu.cnblogs.com