Solved

Decrypting a Cookie Against a Machine Key

Posted on 2012-03-31
6
880 Views
Last Modified: 2012-04-02
I have a machine key tag in my web.config that has a validation key, a decryption key and
validation="SHA1" decryption="AES"

A third party is creating an application and will send me a cookie when the user logs into their site and clicks on the link to my website.  The cookie will have username and password encrypted using the machine key located in my web.config.

I must decrypt the cookie, making sure the keys are the same then read the information in the cookie and pass it along to be authenticated by our system.  

I don't know how to decrypt the cookie and am looking for help.  

Anything anyone can share would be appreciated.  Our framework is 3.0, so I can't use any of the decryption methods in the latest framework.
0
Comment
Question by:sherbug1015
  • 2
  • 2
6 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 37795542
See 2nd answer here (else part)

http://forums.asp.net/t/1240304.aspx/1
0
 

Author Comment

by:sherbug1015
ID: 37796193
CodeCruiser:  

I am not using FormsAuthentication for this cookie.  It will be sent to me as part of the Request.
0
 
LVL 83

Accepted Solution

by:
CodeCruiser earned 500 total points
ID: 37796403
So you just have the key as config value rather than as part of wider forms authentication implementation? Do you have any authentication on your site?

I am currently fighting a similar battle. Trying to login to a site programmatically and get the cookie using a windows service.
0
 

Author Comment

by:sherbug1015
ID: 37797918
I think I have found something that will do.  I am going to accept your solutions so that I can close these tickets out.   Thanks for your help.  You did set me on the right path to find the answer.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question