Giters

linkem / AspNetCore.LegacyAuthCookieCompat

Provides classes to encrypt / decrypt asp.net 2 / 3.5 FormsAuthenticationTickets (cookies) without relying on system.web

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Build status

AspNetCore.LegacyAuthCookieCompat

This library provides the ability to encrypt or decrypt a FormsAuthenticationTicket which are used for Forms Authentication cookies. The cookie will be compatible with .NET 2 / 3.5 & .NET 4 asp.net web applications, that use FormsAuthentication, with SHA1 validation and AES.

This is useful if you are hoping to, for example, integrate OWIN / AspNet Core cookies middleware, with a legacy .NET 3.5 web application, and want single sign on / off.

Usage

In order to encrypt / decrypt the auth cookie data, you need to provide the SHA1 ValidationKey and the AES DecryptionKey. These can usually be found in your existing asp.net 3.5 websites web.config:

    <machineKey validation="SHA1" validationKey="XXXXX" decryption="AES" decryptionKey="XXXXX" />

Then, within your application that wishes to read the cookie (or produce one) - add the following NuGet package:

https://www.nuget.org/packages/AspNetCore.LegacyAuthCookieCompat/

To encrypt a FormsAuthenticationTicket do the following: (We'd usually then write the encrypted data as an auth cookie)

string validationKey = "30101052676849B0B494466B7A99656346328E8964748448E422D7344467A45777D972414947271744423422851D6742C9A09A65212C276C7F839157501291C6";
string decryptionKey = "AC7387D7E54B156377D81930CF237888854B5B5B515CF2D6356541255E696144";

// Arrange
var issueDate = DateTime.Now;
var expiryDate = issueDate.AddHours(1);
var formsAuthenticationTicket = new FormsAuthenticationTicket(2, "someuser@some-email.com", issueDate, expiryDate, false, "custom data", "/");

byte[] decryptionKeyBytes = HexUtils.HexToBinary(decryptionKey);
byte[] validationKeyBytes = HexUtils.HexToBinary(validationKey);

var legacyFormsAuthenticationTicketEncryptor = new LegacyFormsAuthenticationTicketEncryptor(decryptionKeyBytes, validationKeyBytes);

// Act
// We encrypt the forms auth cookie.
var encryptedText = legacyFormsAuthenticationTicketEncryptor.Encrypt(formsAuthenticationTicket);

To Decrypt: (We'd usually read the encrypted text from the auth cookie)

FormsAuthenticationTicket decryptedTicket = legacyFormsAuthenticationTicketEncryptor.DecryptCookie(encryptedText);

About

Provides classes to encrypt / decrypt asp.net 2 / 3.5 FormsAuthenticationTickets (cookies) without relying on system.web

Languages

Language:C# 100.0%