mattbelfast23
asked on
Cookie Encryption and Decryption giving errors
Hi all,
This following problem has really started to frustrate me. Being new to the platform ive largely been using quickstart and tutorial code to create a login system for a website im developing. The problem is that cookie encryption seems to be not working at all. I have been unable to locate any previous examples of my error. Please Help
// Login code
// This just places some user details into a pipe separated list e.g.
// 1|DFGEG34534sgdfgdfg34|Adm in|Member| Visitor
string strUserData = objMember.MemberCookie();
FormsAuthenticationTicket objTicket = new FormsAuthenticationTicket( 1,
objMember.strFirstname,
System.DateTime.Now,
System.DateTime.Now.AddHou rs(12),
true,
strUserData,
FormsAuthentication.FormsC ookiePath) ;
// THIS FUNCTION IS RETURNING NULL EVERY TIME. Im not sure why
string strHash = FormsAuthentication.Encryp t(objTicke t);
if ( null == strHash)
{
throw new ApplicationException("An error occurred while hashing the user data.");
}
HttpCookie objCookie = new HttpCookie(FormsAuthentica tion.Forms CookieName , strHash);
objCookie.Expires = System.DateTime.Now.AddMon ths(2);
System.Web.HttpContext context = System.Web.HttpContext.Cur rent;
context.Response.Cookies.A dd(objCook ie);
FormsAuthentication.Redire ctFromLogi nPage( objMember.strFirstname, true );
// Authenticate_Request Code
string strCookieName = FormsAuthentication.FormsC ookieName;
HttpCookie objCookie = Context.Request.Cookies[st rCookieNam e];
if(null == objCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket objTicket = null;
try
{
// BREAKING IN HERE AGAIN
objTicket = FormsAuthentication.Decryp t(objCooki e.Value);
}
catch(Exception ex)
{
throw new ApplicationException("An error occurred while hashing the user data." + (ex).ToString());
}
if (null == objTicket)
{
// Cookie failed to decrypt.
return;
}
// gets the pipe separated cookie data
Components.MemberDetails objMember = new Components.MemberDetails() ;
objMember.RetrieveCookieDa ta(objTick et.UserDat a);
// Parse the role names
string[] arrRoles = (objMember.strMemberRoles) .Split(new char[]{'|'});
// Create an Identity object
FormsIdentity objID = new FormsIdentity( objTicket );
// This principal will flow throughout the request.
GenericPrincipal objPrincipal = new GenericPrincipal(objID, arrRoles);
// Attach the new principal object to the current HttpContext object
Context.User = objPrincipal;
Any help would be much appreciated
Cheers
Matt
This following problem has really started to frustrate me. Being new to the platform ive largely been using quickstart and tutorial code to create a login system for a website im developing. The problem is that cookie encryption seems to be not working at all. I have been unable to locate any previous examples of my error. Please Help
// Login code
// This just places some user details into a pipe separated list e.g.
// 1|DFGEG34534sgdfgdfg34|Adm
string strUserData = objMember.MemberCookie();
FormsAuthenticationTicket objTicket = new FormsAuthenticationTicket(
objMember.strFirstname,
System.DateTime.Now,
System.DateTime.Now.AddHou
true,
strUserData,
FormsAuthentication.FormsC
// THIS FUNCTION IS RETURNING NULL EVERY TIME. Im not sure why
string strHash = FormsAuthentication.Encryp
if ( null == strHash)
{
throw new ApplicationException("An error occurred while hashing the user data.");
}
HttpCookie objCookie = new HttpCookie(FormsAuthentica
objCookie.Expires = System.DateTime.Now.AddMon
System.Web.HttpContext context = System.Web.HttpContext.Cur
context.Response.Cookies.A
FormsAuthentication.Redire
// Authenticate_Request Code
string strCookieName = FormsAuthentication.FormsC
HttpCookie objCookie = Context.Request.Cookies[st
if(null == objCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket objTicket = null;
try
{
// BREAKING IN HERE AGAIN
objTicket = FormsAuthentication.Decryp
}
catch(Exception ex)
{
throw new ApplicationException("An error occurred while hashing the user data." + (ex).ToString());
}
if (null == objTicket)
{
// Cookie failed to decrypt.
return;
}
// gets the pipe separated cookie data
Components.MemberDetails objMember = new Components.MemberDetails()
objMember.RetrieveCookieDa
// Parse the role names
string[] arrRoles = (objMember.strMemberRoles)
// Create an Identity object
FormsIdentity objID = new FormsIdentity( objTicket );
// This principal will flow throughout the request.
GenericPrincipal objPrincipal = new GenericPrincipal(objID, arrRoles);
// Attach the new principal object to the current HttpContext object
Context.User = objPrincipal;
Any help would be much appreciated
Cheers
Matt
ASKER
objTicket = FormsAuthentication.Decryp t(objCooki e.Value);
is giving the following error
System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
is giving the following error
System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
>>objTicket = FormsAuthentication.Decryp t(objCooki e.Value);
That's probably because it is expecting the encrypted authentication ticket.. use just the ticket (cookie)..
objTicket = FormsAuthentication.Decryp t(objCooki e);
That's probably because it is expecting the encrypted authentication ticket.. use just the ticket (cookie)..
objTicket = FormsAuthentication.Decryp
ASKER
Its writing the data without encryption too
so Encrypt is not working !
okay.. give me a minute here, maybe MSDN would help..
okay.. give me a minute here, maybe MSDN would help..
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It works for normal cookie data 11|DOG|1,2,3 works fine. When i introduce the encryption it all goes pear shaped :(
Help me here..
Does encryption work for normal cookie data like strUserData = "11|DOG|1,2,3" ??
Does encryption work for normal cookie data like strUserData = "11|DOG|1,2,3" ??
ASKER
Sorry, no the encryption doesnt work. And the Decryption is giving errors
// Not encrypting
string strHash = FormsAuthentication.Encryp t(objTicke t);
if ( string.Empty == strHash)
{
return;
}
the login code with encyption is giving this: Notice the blank line betweenthe cookie name where the data should be
.SA
localhost/
1024
1572977536
29662059
754716720
29662055
*
Application_AuthenticateRe quest
// Gives this error System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
objTicket = FormsAuthentication.Decryp t(System.W eb.HttpUti lity.UrlDe code(objCo okie.Value ));
Thanks for your help so far by the way :)
// Not encrypting
string strHash = FormsAuthentication.Encryp
if ( string.Empty == strHash)
{
return;
}
the login code with encyption is giving this: Notice the blank line betweenthe cookie name where the data should be
.SA
localhost/
1024
1572977536
29662059
754716720
29662055
*
Application_AuthenticateRe
// Gives this error System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
objTicket = FormsAuthentication.Decryp
Thanks for your help so far by the way :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Finally got this to work. It appears it was the "using" statements although how they were causing it to break i have no idea. I had the correct statements in from the start, it seems that they just didnt work for some reason. Maybe i had them in the wrong order or something.
Anyways thanks for your help and patience
Anyways thanks for your help and patience
Hmm... "using" statements ! Good that it worked out for you :)
Best of Luck...
Best of Luck...
Try using "string.Empty"
if ( strHash == string.Empty)
{
throw new ApplicationException("An error occurred while hashing the user data.");
}
And is the cookie being generated at all... encryption or not.. can you see it in the folder specified as path.
Is javascript enabled on your client browser?