AJAX.NET and FIPS

Question

AJAX.NET and FIPS

We have several sections of our application that use AJAX.NET 5.7.25.1. Our server administrators turned on FIPS, and we encountered the following error:

This implementation is not part of the cryptographic algorithms tested by the FIPS Windows Platform.

Call stack:

at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()     
at MS.Utilities.MD5Helper.GetHash(Byte[] data)     
at Ajax.AjaxRequestProcessor.Run()     
at Ajax.AjaxHandler.ProcessRequest(HttpContext context)     
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Are new versions of AJAX.NET libraries compatible with FIPS?

+3

fips ajax.net

Clayb Aug 2 '10 at 21:07

source share

2 answers

ANY MD5 .NET NON-FIPS, . , AjaxRequestProcessor MD5, - . viewstate 3DES MD5 .

system.web web.config:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

.

, debug = "true" webconfig , .NET MD5 . debug = "false" web.config?

<system.web>
    <compilation debug="false">
</system.web>

+1

Dan 20 . '10 15:19

Jay Stevens · Accepted Answer · 2010-08-25T19:01:15+0000

The quickest way to do this might be to simply change the source of AJAX.Net pro directly to remove the calling call that uses the MD5 algorithm. Go get the source for the version of AJax.NET that you are using from Codeplex. In AjaxPro / Utilities / MD5Helper.cs:

Replace string ...

MD5 md5 = new MD5CryptoServiceProvider();

with the line ...

SHA1 md5 = new SHA1CryptoServiceProvider();

. SHA1 FIPS

... API, , ComputeHash(), ...

, - - FIPS.

AJAX.NET and FIPS

More articles: