Solved

Cookie Encryption and Decryption giving errors

Posted on 2004-09-14
12
2,104 Views
Last Modified: 2008-01-09
Hi all,

This following problem has really started to frustrate me.  Being new to the platform ive largely been using quickstart and tutorial code to create a login system for a website im developing.  The problem is that cookie encryption seems to be not working at all.  I have been unable to locate any previous examples of my error.  Please Help

// Login code
// This just places some user details into a pipe separated list e.g.
// 1|DFGEG34534sgdfgdfg34|Admin|Member|Visitor
string strUserData = objMember.MemberCookie();

FormsAuthenticationTicket objTicket = new FormsAuthenticationTicket(1,
      objMember.strFirstname,
      System.DateTime.Now,
      System.DateTime.Now.AddHours(12),
      true,
      strUserData,
      FormsAuthentication.FormsCookiePath);

// THIS FUNCTION IS RETURNING NULL EVERY TIME.  Im not sure why
string strHash = FormsAuthentication.Encrypt(objTicket);                  
if ( null == strHash)
{
      throw new ApplicationException("An error occurred while hashing the user data.");
}

HttpCookie objCookie = new HttpCookie(FormsAuthentication.FormsCookieName, strHash);

objCookie.Expires = System.DateTime.Now.AddMonths(2);
System.Web.HttpContext context = System.Web.HttpContext.Current;
context.Response.Cookies.Add(objCookie);

FormsAuthentication.RedirectFromLoginPage( objMember.strFirstname, true );


// Authenticate_Request Code
string strCookieName = FormsAuthentication.FormsCookieName;
HttpCookie objCookie = Context.Request.Cookies[strCookieName];

if(null == objCookie)
{
      // There is no authentication cookie.
      return;
}

FormsAuthenticationTicket objTicket = null;
try
{      
      // BREAKING IN HERE AGAIN
      objTicket = FormsAuthentication.Decrypt(objCookie.Value);
}
catch(Exception ex)
{
throw new ApplicationException("An error occurred while hashing the user data." + (ex).ToString());
}

if (null == objTicket)
{
      // Cookie failed to decrypt.
      return;
}

// gets the pipe separated cookie data
Components.MemberDetails objMember = new Components.MemberDetails();
objMember.RetrieveCookieData(objTicket.UserData);

// Parse the role names
string[] arrRoles = (objMember.strMemberRoles).Split(new char[]{'|'});

// Create an Identity object
FormsIdentity objID = new FormsIdentity( objTicket );

// This principal will flow throughout the request.
GenericPrincipal objPrincipal = new GenericPrincipal(objID, arrRoles);
// Attach the new principal object to the current HttpContext object
Context.User = objPrincipal;

Any help would be much appreciated
Cheers
Matt
0
Comment
Question by:mattbelfast23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 8

Expert Comment

by:daffodils
ID: 12059469
Some suggestions.. off the top right now..

Try using "string.Empty"
if ( strHash == string.Empty)
{
     throw new ApplicationException("An error occurred while hashing the user data.");
}

And is the cookie being generated at all... encryption or not.. can you see it in the folder specified as path.
Is javascript enabled on your client browser?
0
 

Author Comment

by:mattbelfast23
ID: 12059737
objTicket = FormsAuthentication.Decrypt(objCookie.Value);

is giving the following error

System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12059828
>>objTicket = FormsAuthentication.Decrypt(objCookie.Value);

That's probably because it is expecting the encrypted authentication ticket.. use just the ticket (cookie)..

objTicket = FormsAuthentication.Decrypt(objCookie);
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mattbelfast23
ID: 12059882
Its writing the data without encryption too
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12060023
so Encrypt is not working !
okay.. give me a minute here, maybe MSDN would help..
0
 
LVL 8

Assisted Solution

by:daffodils
daffodils earned 500 total points
ID: 12060385
Look at this posting.. a similar problem with encrypt not working with FormsAuthentication..
seems if the cookie size exceeded 1024, encryption didn't work (max size is 4K) and the ticket was set to null.

http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.framework.aspnet.security/2004-03/0177.html

Try with a small user data field, and check if the Encryption/Decryption still fails!
string strUserData = "Visitor";
0
 

Author Comment

by:mattbelfast23
ID: 12068394
It works for normal cookie data 11|DOG|1,2,3 works fine.  When i introduce the encryption it all goes pear shaped :(
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12068499
Help me here..
Does encryption work for normal cookie data like strUserData = "11|DOG|1,2,3" ??



0
 

Author Comment

by:mattbelfast23
ID: 12069719
Sorry, no the encryption doesnt work.  And the Decryption is giving errors

// Not encrypting
string strHash = FormsAuthentication.Encrypt(objTicket);                  
if ( string.Empty == strHash)
{
     return;
}

the login code with encyption is giving this:  Notice the blank line betweenthe cookie name where the data should be

.SA

localhost/
1024
1572977536
29662059
754716720
29662055
*

Application_AuthenticateRequest

// Gives this error System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
objTicket = FormsAuthentication.Decrypt(System.Web.HttpUtility.UrlDecode(objCookie.Value));

Thanks for your help so far by the way :)
0
 
LVL 8

Accepted Solution

by:
daffodils earned 500 total points
ID: 12069997
So Encrypt doesn't work at all :-|

Lets remove the Encrypt /Decrypt statements.. do we even have a cookie?
lets say without the whole security issue, does the browser accept plain cookies ? javascript enabled in your browser??
0
 

Author Comment

by:mattbelfast23
ID: 12141729
Finally got this to work.  It appears it was the "using" statements although how they were causing it to break i have no idea.  I had the correct statements in from the start, it seems that they just didnt work for some reason. Maybe i had them in the wrong order or something.

Anyways thanks for your help and patience
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12144300
Hmm... "using" statements !  Good that it worked out for you :)
Best of Luck...
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question