Solved

Cookie Encryption and Decryption giving errors

Posted on 2004-09-14
Last Modified: 2008-01-09
Hi all,

The following problem has really started to frustrate me.  Being new to the platform, I've largely been using quickstart and tutorial code to create a login system for a website I'm developing.  The problem is that cookie encryption seems to be not working at all.  I have been unable to locate any previous examples of my error.  Please help.

// Login code
// This just places some user details into a pipe separated list e.g.
// 1|DFGEG34534sgdfgdfg34|Admin|Member|Visitor
string strUserData = objMember.MemberCookie();

FormsAuthenticationTicket objTicket = new FormsAuthenticationTicket(1,
      objMember.strFirstname,
      System.DateTime.Now,
      System.DateTime.Now.AddHours(12),
      true,
      strUserData,
      FormsAuthentication.FormsCookiePath);

// THIS FUNCTION IS RETURNING NULL EVERY TIME.  I'm not sure why
string strHash = FormsAuthentication.Encrypt(objTicket);                  
if ( null == strHash)
{
      throw new ApplicationException("An error occurred while hashing the user data.");
}

HttpCookie objCookie = new HttpCookie(FormsAuthentication.FormsCookieName, strHash);

objCookie.Expires = System.DateTime.Now.AddMonths(2);
System.Web.HttpContext context = System.Web.HttpContext.Current;
context.Response.Cookies.Add(objCookie);

FormsAuthentication.RedirectFromLoginPage( objMember.strFirstname, true );


// Authenticate_Request Code
string strCookieName = FormsAuthentication.FormsCookieName;
HttpCookie objCookie = Context.Request.Cookies[strCookieName];

if(null == objCookie)
{
      // There is no authentication cookie.
      return;
}

FormsAuthenticationTicket objTicket = null;
try
{      
      // BREAKING IN HERE AGAIN
      objTicket = FormsAuthentication.Decrypt(objCookie.Value);
}
catch(Exception ex)
{
      throw new ApplicationException("An error occurred while hashing the user data." + (ex).ToString());
}

if (null == objTicket)
{
      // Cookie failed to decrypt.
      return;
}

// gets the pipe separated cookie data
Components.MemberDetails objMember = new Components.MemberDetails();
objMember.RetrieveCookieData(objTicket.UserData);

// Parse the role names
string[] arrRoles = (objMember.strMemberRoles).Split(new char[]{'|'});

// Create an Identity object
FormsIdentity objID = new FormsIdentity( objTicket );

// This principal will flow throughout the request.
GenericPrincipal objPrincipal = new GenericPrincipal(objID, arrRoles);
// Attach the new principal object to the current HttpContext object
Context.User = objPrincipal;

Any help would be much appreciated
Cheers
Matt
Question by:mattbelfast23
12 Comments
 
LVL 8

Expert Comment

by:daffodils
ID: 12059469
Some suggestions.. off the top right now..

Try using "string.Empty"
if ( strHash == string.Empty)
{
     throw new ApplicationException("An error occurred while hashing the user data.");
}

And is the cookie being generated at all... encryption or not.. can you see it in the folder specified as path?
Is JavaScript enabled on your client browser?
0
 

Author Comment

by:mattbelfast23
ID: 12059737
objTicket = FormsAuthentication.Decrypt(objCookie.Value);

is giving the following error

System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12059828
>>objTicket = FormsAuthentication.Decrypt(objCookie.Value);

That's probably because it is expecting the encrypted authentication ticket.. use just the ticket (cookie)..

objTicket = FormsAuthentication.Decrypt(objCookie);
0
 

Author Comment

by:mattbelfast23
ID: 12059882
It's writing the data without encryption too
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12060023
so Encrypt is not working !
okay.. give me a minute here, maybe MSDN would help..
0
 
LVL 8

Assisted Solution

by:daffodils
daffodils earned 500 total points
ID: 12060385
Look at this posting.. a similar problem with encrypt not working with FormsAuthentication..
seems if the cookie size exceeded 1024, encryption didn't work (max size is 4K) and the ticket was set to null.

http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.framework.aspnet.security/2004-03/0177.html

Try with a small user data field, and check if the Encryption/Decryption still fails!
string strUserData = "Visitor";
0
 

Author Comment

by:mattbelfast23
ID: 12068394
It works for normal cookie data: 11|DOG|1,2,3 works fine.  When I introduce the encryption it all goes pear shaped :(
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12068499
Help me here..
Does encryption work for normal cookie data like strUserData = "11|DOG|1,2,3" ??



0
 

Author Comment

by:mattbelfast23
ID: 12069719
Sorry, no, the encryption doesn't work.  And the decryption is giving errors

// Not encrypting
string strHash = FormsAuthentication.Encrypt(objTicket);                  
if ( string.Empty == strHash)
{
     return;
}

The login code with encryption is giving this:  Notice the blank line between the cookie name where the data should be

.SA

localhost/
1024
1572977536
29662059
754716720
29662055
*

Application_AuthenticateRequest

// Gives this error System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
objTicket = FormsAuthentication.Decrypt(System.Web.HttpUtility.UrlDecode(objCookie.Value));

Thanks for your help so far by the way :)
0
 
LVL 8

Accepted Solution

by:
daffodils earned 500 total points
ID: 12069997
So Encrypt doesn't work at all :-|

Let's remove the Encrypt/Decrypt statements.. do we even have a cookie?
Let's say without the whole security issue, does the browser accept plain cookies? JavaScript enabled in your browser??
0
 

Author Comment

by:mattbelfast23
ID: 12141729
Finally got this to work.  It appears it was the "using" statements, although how they were causing it to break I have no idea.  I had the correct statements in from the start; it seems that they just didn't work for some reason. Maybe I had them in the wrong order or something.

Anyways thanks for your help and patience
0
 
LVL 8

Expert Comment

by:daffodils
ID: 12144300
Hmm... "using" statements !  Good that it worked out for you :)
Best of Luck...
0
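Added example, not code from any poster in this thread: one way to issue and validate the forms ticket discussed above so that a failed Encrypt or Decrypt is handled instead of writing an empty cookie or surfacing the exception text. The names `TicketHelper`, `IssueTicket`, `AttachPrincipal` and `MaxCookieChars` are hypothetical, and the size limit is an assumption based on the 4K figure mentioned in the thread.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class TicketHelper   // hypothetical helper, not from the thread
{
    // Assumption: stay under the ~4K cookie limit mentioned in the thread.
    const int MaxCookieChars = 4000;

    // Login: build the ticket, encrypt it, and send exactly one cookie.
    public static void IssueTicket(HttpContext ctx, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddHours(12), true, string.Join("|", roles),
            FormsAuthentication.FormsCookiePath);

        string encrypted = FormsAuthentication.Encrypt(ticket);
        if (string.IsNullOrEmpty(encrypted) || encrypted.Length > MaxCookieChars)
            throw new InvalidOperationException("Ticket could not be encrypted or is too large for a cookie.");

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Expires = ticket.Expiration;            // cookie lifetime matches ticket lifetime
        cookie.HttpOnly = true;                        // not readable from client script
        cookie.Secure = FormsAuthentication.RequireSSL;
        ctx.Response.Cookies.Add(cookie);

        // GetRedirectUrl only computes the URL. RedirectFromLoginPage would issue
        // its own ticket, with empty UserData, under the same cookie name.
        ctx.Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, true));
    }

    // Application_AuthenticateRequest: any decrypt failure means "anonymous".
    public static void AttachPrincipal(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; }   // malformed or tampered value: no details to the client

        if (ticket == null || ticket.Expired) return;

        string[] roles = ticket.UserData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        ctx.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```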
