0

I am referencing a .NET Framework 4.7.2 class library from an ASP.NET Core application. And the framework code includes MachineKey.Unprotect, which seems to cause the following error:

Could not load type 'System.Web.Security.MachineKey' from assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.

Is this some kind of a limitation or is there a workaround for this?

John L.
  • 1,825
  • 5
  • 18
  • 45
  • Does this answer your question? [How to implement machineKey in ASP.NET Core 2.0](https://stackoverflow.com/questions/46668192/how-to-implement-machinekey-in-asp-net-core-2-0) – kapsiR Jun 03 '20 at 21:54
  • @kapsiR Not really, because I am not trying to reimplement encryption in .NET Core. I need to use the class library as is. – John L. Jun 03 '20 at 21:57
  • Hi @John L,did my reply help you? If my reply have already solved your issue, please accept it as answer. About how mark it as answer, you could refer to [here](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work/5235#5235). This will help other people who faces the same issue..If not,could you please follow up to let me know? – Brando Zhang Jun 09 '20 at 00:16

1 Answers1

0

Since the System.Web.Security isn't build with .NETStandard, we couldn't use it in the asp.net core application.

According to your description, if you want to decrypt the machine key encrypt value. I suggest you could try to use some third party library which implement the asp.net MachineKey.upprotect method. For example: AspNetTicketBridge. You could directly install it from Nuget Package.

More details, you could refer to below test demo:

Protect the message in an asp.net application.

    protected void Page_Load(object sender, EventArgs e)
    {
        //Label1.Text = HttpContext.Current.User.Identity.Name;

        var message = "My secret message";

        var encodedMessage = Encoding.ASCII.GetBytes(message);

        var protectedMessage = MachineKey.Protect(encodedMessage);

        var protectedMessageAsBase64 = Convert.ToBase64String(protectedMessage);

        Label2.Text = protectedMessageAsBase64;

    }

Machine key:

<machineKey compatibilityMode="Framework45" validationKey="xxx" decryptionKey="xxx" validation="SHA1" decryption="Auto" />

Unprotect the message in an asp.net core application:

        string validationKey = "machinekey value";
        string decryptionKey = "machinekey value";
        var message = "above base64 message";

        var convertFromBase64 = Convert.FromBase64String(message);
        var ticket = MachineKeyTicketUnprotector.Unprotect(convertFromBase64, decryptionKey, validationKey, "AES", "HMACSHA1", "User.MachineKey.Protect");

        var decodedMessage = Encoding.ASCII.GetString(ticket);

Result:

enter image description here

If you want to achieve using machinekey in asp.net core application, you could try to implement the source code from the .net Framework machinekey.cs. Details, you could refer to this answer.

Brando Zhang
  • 22,586
  • 6
  • 37
  • 65