Extensions for the Microsoft AJAX Framework

Download source.zip - 484.54 KB

Introduction

Here, I present a JavaScript library that extends the Microsoft AJAX Framework with new classes. Undoubtedly, the Microsoft AJAX Framework is great. However, it doesn't provide or emulate all the classes and functionality that the .NET Framework does. That's why I decided to extend the Microsoft AJAX Framework with some classes and methods that the .NET BCL provides, and which can be useful in a JavaScript environment.

Currently, the library includes three files: Sys.Core.js, Sys.Text.js, and Sys.Crypto.js.

Similar to .NET 3.5 that provides additional classes through the new System.Core.dll, Sys.Core.js provides additional methods for JavaScript native objects and some new classes like Sys.Convert.
Sys.Text.js contains classes representing ASCII, Unicode, UTF-7, UTF-8, and UTF-32 character encoding. These classes are helpful for data encoding or decoding and in Cryptography services.
Sys.Crypto.js provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, like the System.Security.Cryptography namespace in the .NET Framework.

In this article, I will describe how to use the cryptographic services this library provides.

Let's compare the most current and popular implementation of MD5 - Paul Johnston's implementation in JavaScript, with the one we have in this library. First, Johnston's implementation requires string as an input. What does this mean? This means, you cannot use any encoding you want. For example, if you hash some non-ASCII string with Johnston's implementation and compare it with the hash computed with .NET's widely-known FormsAuthentication.HashPasswordForStoringInConfigFile method, you'll see they do not match. Why? Because, the HashPasswordForStoringInConfigFile method uses UTF-8 that Johnston's implementation is unable to provide. A cryptographic algorithm should not care about strings and encodings. It should work only with bytes, like .NET works. Next is the performance. The Sys.Crypto.MD5CryptoServiceProvider class works about 6 - 8 times faster than Johnston's one (much here depends on the browser).

Let's see how to use the class mentioned above.

Using the code

Using the MD5 algorithm:

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var md5 = Sys.Crypto.MD5.create();
var hash = md5.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

Compared with C# code:

byte[] buff = System.Text.Encoding.UTF8.GetBytes("abc");
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] hash = md5.ComputeHash(buff);

Console.WriteLine(System.Convert.ToBase64String(hash));

The Sys.Crypto namespace provides classes for the following algorithms: MD5, SHA-1, SHA-256, HMAC, and Rijndael/AES. Let's see how to use them.

SHA1 Algorithm

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var sha1= Sys.Crypto.SHA1.create();
var hash = sha1.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

HMAC Algorithm

var hmac = new Sys.Crypto.HMAC("SHA1");
// currently supported SHA256, SHA1, and MD5

var key = Sys.Text.Encoding.BigEndianUnicode.getBytes("Key to mix");

hmac.set_key(key);
// if key is not provided, a random genereted key will be used


var buffer = Sys.Text.Encoding.BigEndianUnicode.getBytes("Hello World!");
var hash = hmac.computeHash(buffer);

window.alert(Sys.Convert.toBase64String(hash));

AES Algorithm

var aes = new Sys.Crypto.Aes.create();

// encrypting

var aesEnc = aes.createEncryptor();
var buffer = Sys.Text.Encoding.ASCII.getBytes("Hello World!");
var encrypted = aesEnc.transform(buffer);

window.alert(Sys.Convert.toBase64String(encrypted));

// decrypting

var aesDec = aes.createDecryptor();
var decrypted = aesDec.transform(encrypted);

window.alert(Sys.Text.Encoding.ASCII.getString(decrypted));

The Sys.Text namespace classes, now, are fixed according to Microsoft KB940521 (security bulletin MS07-040), except the UTF7Encoding class which will be fixed in future or be removed from the library.

Here, I introduce the Sys.Crypto namespace in a nutshell. For complete documentation of this namespace and its base and abstract classes (not mentioned here), see the attached files. Actually, currently, there is no any documentation for the classes in Sys.Core.js. See the source code instead.

In the near future, I plan to release XML (?) and Drawing classes. Well, since we have Silverlight I guess Drawing API is needless. I'm also not sure about XML API although you'll have the same API for all browsers.

Added SHA-256 hash algorithm support.

Any feedback, suggestions, performance improvements, or critics will be welcome and appreciated.

Also available at CodePlex.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)

About the Author

Ruben Buniatyan

Web Developer

Armenia

Member

No Biography provided

Article Top

Poor

Excellent

Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, and new methods for JavaScript native objects.

Type	Article
Licence	Ms-PL
First Posted	8 Jul 2007
Views	34,730
Downloads	105
Bookmarked	34 times

ASP.NETJavascriptXML
Windows.NET, +