是否可以使用ASP.NET ScriptManager来使用Windows FIPS安全策略？

如果在
Windows中启用“使用FIPS兼容算法进行加密,散列和签名”安全策略选项,则尝试在.NET Framework中使用许多加密类将导致InvalidOperationException.默认情况下,ASP.NET使用AES加密ViewState blob,因此失败.您可以通过向web.config添加这样的键来解决此问题：

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

这涵盖了ASP.NET的基本用法.我的问题是：我有一个庞大,复杂的ASP.NET Web应用程序,它大量使用ScriptManagers(ASP.NET AJAX的基础),需要由必须启用此FIPS策略设置的政府客户部署.任何带有ScriptManager的ASP.NET页面都会抛出此异常：

[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
   System.Security.Cryptography.SHA1Managed..ctor() +3607454
   System.Security.Policy.Hash.get_SHA1() +45
   System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfoInternal(Assembly assembly) +85
   System.Web.Handlers.ScriptResourceHandler.GetAssemblyInfo(Assembly assembly) +99
   System.Web.Handlers.RuntimeScriptResourceHandler.GetScriptResourceUrlImpl(List`1 assemblyResourceLists,Boolean zip,Boolean notifyScriptLoaded) +525
   System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(List`1 assemblyResourceLists,Boolean notifyScriptLoaded) +910
   System.Web.Handlers.RuntimeScriptResourceHandler.System.Web.Handlers.IScriptResourceHandler.GetScriptResourceUrl(Assembly assembly,String resourceName,CultureInfo culture,Boolean notifyScriptLoaded) +193
   System.Web.UI.ScriptReference.GetUrlFromName(ScriptManager scriptManager,IControl scriptManagerControl,Boolean zip) +306
   System.Web.UI.ScriptManager.RegisterUniqueScripts(List`1 uniqueScripts) +169
   System.Web.UI.ScriptManager.RegisterScripts() +407
   System.Web.UI.ScriptManager.OnPagePreRenderComplete(Object sender,EventArgs e) +200
   System.Web.UI.Page.OnPreRenderComplete(EventArgs e) +11041982
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,Boolean includeStagesAfterAsyncPoint) +3672

甚至添加< enforceFIPSPolicy enabled =“false”/> web.config的元素不能解决异常.

有没有办法配置ASP.NET,以便ScriptManager可以与Windows FIPS安全策略一起使用？

解决方法

Microsoft的更新：此修补程序可在
http://code.msdn.microsoft.com/KB981119获得

答案是您不能将ScriptManager与启用FIPS的服务器一起使用.