lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-19 18:27:55 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

MachineKey validation during Setup, with automatic proposed values

Browse Source 
--HG--
branch : dev
This commit is contained in:
Sebastien Ros
2010-09-02 13:51:26 -07:00
parent 257cb4682a
commit fcb27fdbae
4 changed files with 37 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Orchard.Azure/Orchard.Azure.Web/Web.Debug.config
View File

@@ -2,7 +2,7 @@
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<machineKey xdt:Transform="Insert" validationKey="013B82F217ABB7EAB1F699E4E5B4D290030644D435994692354DAE82B06568B058BFE3C57BF199A41FFDBC84F3BC74D9C5BD96D1265F36A22D58347B591AC8DD" decryptionKey="04797035C490263D73ED991C84C5DFCD0D0206AD4F12BC3638A38FBEABEBB8C7" validation="SHA1" decryption="AES" />
<machineKey xdt:Transform="Insert" validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" decryption="AES" />
</system.web>
<system.web.extensions xdt:Transform="Remove" />
</configuration>

2
src/Orchard.Azure/Orchard.Azure.Web/Web.Release.config
View File

@@ -2,7 +2,7 @@
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.web>
<machineKey xdt:Transform="Insert" validationKey="013B82F217ABB7EAB1F699E4E5B4D290030644D435994692354DAE82B06568B058BFE3C57BF199A41FFDBC84F3BC74D9C5BD96D1265F36A22D58347B591AC8DD" decryptionKey="04797035C490263D73ED991C84C5DFCD0D0206AD4F12BC3638A38FBEABEBB8C7" validation="SHA1" decryption="AES" />
<machineKey xdt:Transform="Insert" validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" decryption="AES" />
</system.web>
<system.web.extensions xdt:Transform="Remove" />
</configuration>

33
src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
View File

@@ -1,5 +1,9 @@
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Web.Configuration;
using System.Web.Mvc;
using System.Linq;
using Orchard.FileSystems.AppData;
using Orchard.Setup.Services;
using Orchard.Setup.ViewModels;
@@ -34,7 +38,34 @@ namespace Orchard.Setup.Controllers {
return View(model);
}
private bool ValidateMachineKey() {
// Get the machineKey section.
var section = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection;
if (section == null
|| section.DecryptionKey.Contains("AutoGenerate")
|| section.ValidationKey.Contains("AutoGenerate")) {
var rng = new RNGCryptoServiceProvider();
var decryptionData = new byte[32];
var validationData = new byte[64];
rng.GetBytes(decryptionData);
rng.GetBytes(validationData);
string decryptionKey = BitConverter.ToString(decryptionData).Replace("-", "");
string validationKey = BitConverter.ToString(validationData).Replace("-", "");
ModelState.AddModelError("MachineKey", T("You need to define a MachineKey value in your web.config file. Here is one for you:\n <machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" validation=\"SHA1\" decryption=\"AES\" />", validationKey, decryptionKey).ToString());
return false;
}
return true;
}
public ActionResult Index() {
ValidateMachineKey();
var initialSettings = _setupService.Prime();
return IndexViewResult(new SetupViewModel { AdminUsername = "admin", DatabaseIsPreconfigured = !string.IsNullOrEmpty(initialSettings.DataProvider)});
}
@@ -49,6 +80,8 @@ namespace Orchard.Setup.Controllers {
ModelState.AddModelError("ConfirmPassword", T("Password confirmation must match").ToString());
}
ValidateMachineKey();
if (!ModelState.IsValid) {
return IndexViewResult(model);
}

4
src/Orchard.Web/Web.config
View File

@@ -19,8 +19,8 @@
<defaultSettings timeout="00:30:00"/>
</system.transactions>
<system.web>
<machineKey validationKey="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
decryptionKey="0000000000000000000000000000000000000000000000000000000000000000"
<machineKey validationKey="AutoGenerate"
decryptionKey="AutoGenerate"
validation="SHA1"
decryption="AES" />
<httpRuntime requestValidationMode="2.0" />