asked on

Validating a cookie against a machine key

Can someone help me with some code to decrypt a cookie against a machine key stored in my web config.

Thanks.

Here is an example of how to encrypt/decrypt using the MachineKey

Public Class Crypto
        Public Function Encrypt(plainText As String) As String
            Dim plaintextBytes = Encoding.UTF8.GetBytes(plainText)
            Return MachineKey.Encode(plaintextBytes, MachineKeyProtection.All)
        End Function

        Public Function Decrypt(encryptedValue As String) As String
            Dim decryptedBytes = MachineKey.Decode(encryptedValue, MachineKeyProtection.All)
            Return Encoding.UTF8.GetString(decryptedBytes)
        End Function
    End Class

Open in new window

Hope this helps!

sherbug1015

ASKER

I don't seem to be able to use MachineKey. I looked it up and it only works in 4.0 or better? Do you have any code samples that would work in earlier frameworks.

Thanks.

ASKER CERTIFIED SOLUTION

Nasir Razzaq

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

sherbug1015

ASKER

CodeCruiser:

I have a machine key tag in my web.config that has a validation key, a decryption key and
validation="SHA1" decryption="AES"

A third party is creating an application and will send me a cookie when the user logs into their site and clicks on the link to my website. The cookie will have username and password encrypted using the machine key located in my web.config.

I must decrypt the cookie, read the information in the cookie and pass it along to be authenticated.

I don't know how to decrypt the cookie and am looking for help.

Anything you can share would be appreciated.

Nasir Razzaq

As you have asked another question on the same issue now, I think you should delete this one.