MachineKeySection.CompatibilityMode 属性
定义
获取或设置一个值,该值指定视图状态的升级加密方法是否在使用 .NET Framework 2.0 版 Service Pack 1 发行版后引入。Gets or sets a value that specifies whether upgraded encryption methods for view state that were introduced after the .NET Framework version 2.0 Service Pack 1 release are used.
public:
property System::Web::Configuration::MachineKeyCompatibilityMode CompatibilityMode { System::Web::Configuration::MachineKeyCompatibilityMode get(); void set(System::Web::Configuration::MachineKeyCompatibilityMode value); };
[System.Configuration.ConfigurationProperty("compatibilityMode", DefaultValue=Mono.Cecil.CustomAttributeArgument)]
public System.Web.Configuration.MachineKeyCompatibilityMode CompatibilityMode { get; set; }
[<System.Configuration.ConfigurationProperty("compatibilityMode", DefaultValue=Mono.Cecil.CustomAttributeArgument)>]
member this.CompatibilityMode : System.Web.Configuration.MachineKeyCompatibilityMode with get, set
Public Property CompatibilityMode As MachineKeyCompatibilityMode
属性值
一个指示是否在使用 .NET Framework 2.0 SP1 发行版后引入的加密方法的值。A value that indicates whether encryption methods that were introduced after the .NET Framework 2.0 SP1 release are used.
- 属性
注解
.NET Framework 更高版本中升级的加密方法可降低攻击者成功对值进行反向工程的风险 DecryptionKey 。The upgraded encryption methods in later versions of the .NET Framework reduce the risk that an attacker can successfully reverse-engineer the DecryptionKey value. 为了保持向后兼容性,可以使用较旧的加密方法。The older encryption methods are available in order to maintain backward compatibility.
Web 场中的所有服务器都应将 CompatibilityMode 属性设置为相同的值。All servers in a Web farm should have the CompatibilityMode property set to the same value. 如果读取 forms 身份验证票证的服务器的 CompatibilityMode 设置与创建该票证的服务器的设置不同,则不能识别该票证。If the server that reads a forms authentication ticket has a different CompatibilityMode setting than the server that created the ticket, the ticket won't be recognized.
可以为属性指定以下值 CompatibilityMode :The following values can be specified for the CompatibilityMode property:
Framework20SP1.Framework20SP1. 此值指定 ASP.NET 使用 2.0 SP2 之前版本的 ASP.NET 中提供的加密方法。This value specifies that ASP.NET uses encryption methods that were available in versions of ASP.NET earlier than 2.0 SP2. 如果任何服务器具有早于 2.0 SP2 的 .NET Framework 版本,请将此值用于 web 场中的所有服务器。Use this value for all servers in a web farm if any server has a version of the .NET Framework earlier than 2.0 SP2. 这是默认值,除非应用程序 Web.config 文件的targetFramework属性httpRuntime设置为 "4.5"。This is the default value unless the application Web.config file has thetargetFrameworkattribute of thehttpRuntimeelement set to "4.5".Framework20SP2.Framework20SP2. 此值指定 ASP.NET 使用 .NET Framework 2.0 SP2 中引入的升级加密方法。This value specifies that ASP.NET uses upgraded encryption methods that were introduced in the .NET Framework 2.0 SP2. 如果所有服务器都有 .NET Framework 2.0 SP2 或更高版本,但至少有一台服务器没有 .NET Framework 4.5,则将此值用于 web 场中的所有服务器。Use this value for all servers in a web farm if all servers have the .NET Framework 2.0 SP2 or later but at least one does not have the .NET Framework 4.5.Framework45.Framework45. ASP.NET 4.5 的加密增强功能有效。Cryptographic enhancements for ASP.NET 4.5 are in effect. 如果应用程序 Web.config 文件的targetFramework属性httpRuntime设置为 "4.5",则此值为默认值。This is the default value if the application Web.config file has thetargetFrameworkattribute of thehttpRuntimeelement set to "4.5".
当此属性设置为时 Framework45 ,以下限制有效:When this property is set to Framework45, the following restrictions are in effect:
如果 DataProtectorType 属性有值,则 ApplicationName 属性必须有值。If the DataProtectorType property has a value, the ApplicationName property must also have a value. DataProtector类要求提供非空的应用程序名称。The DataProtector class mandates that a non-empty application name be provided.
该 Validation 属性必须是实际的验证算法 (例如,MD5、SHA1、HMACSHA256、HMACSHA384、HMACSHA512) 或子类类型的自定义算法 KeyedHashAlgorithm 。The Validation attribute must be an actual validation algorithm (for example, MD5, SHA1, HMACSHA256, HMACSHA384, HMACSHA512) or a custom algorithm that subclasses the KeyedHashAlgorithm type. 禁止值 AES 和3DES。The values AES and 3DES are forbidden.
框架不会生成仅限签名的负载。The framework will not produce signed-only payloads. 不管如何
protectionforms在 Web.config 文件中设置元素的属性,Forms 身份验证票证始终都是加密和签名的。Forms authentication tickets will always be both encrypted and signed, regardless of how theprotectionattribute of theformselement is set in the Web.config file. 如果EnableViewStateMacRequireViewStateEncryption为给定页面设置了或,则将始终对视图状态进行加密和签名。View state will always be both encrypted and signed if eitherEnableViewStateMacorRequireViewStateEncryptionis set for a given page.
由于 Microsoft 安全公告 MS10-070中所述的安全更新,默认的加密行为对于和设置是相同的 Framework20SP1 Framework20SP2 。As a result of the security update that is described in Microsoft security bulletin MS10-070, the default encryption behavior is the same for the Framework20SP1 and Framework20SP2 settings. 不建议更改默认行为,但如果想要执行此操作,请参阅 如何在 ASP.NET 中配置旧加密模式。Changing the default behavior is not recommended, but if you want to do that, see How to configure legacy encryption mode in ASP.NET.