Solved

Decrypting a Cookie Against a Machine Key

Posted on 2012-03-31
6
895 Views
Last Modified: 2012-04-02
I have a machine key tag in my web.config that has a validation key, a decryption key and
validation="SHA1" decryption="AES"

A third party is creating an application and will send me a cookie when the user logs into their site and clicks on the link to my website.  The cookie will have username and password encrypted using the machine key located in my web.config.

I must decrypt the cookie, making sure the keys are the same then read the information in the cookie and pass it along to be authenticated by our system.  

I don't know how to decrypt the cookie and am looking for help.  

Anything anyone can share would be appreciated.  Our framework is 3.0, so I can't use any of the decryption methods in the latest framework.
0
Comment
Question by:sherbug1015
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 37795542
See 2nd answer here (else part)

http://forums.asp.net/t/1240304.aspx/1
0
 

Author Comment

by:sherbug1015
ID: 37796193
CodeCruiser:  

I am not using FormsAuthentication for this cookie.  It will be sent to me as part of the Request.
0
 
LVL 83

Accepted Solution

by:
CodeCruiser earned 500 total points
ID: 37796403
So you just have the key as config value rather than as part of wider forms authentication implementation? Do you have any authentication on your site?

I am currently fighting a similar battle. Trying to login to a site programmatically and get the cookie using a windows service.
0
 

Author Comment

by:sherbug1015
ID: 37797918
I think I have found something that will do.  I am going to accept your solutions so that I can close these tickets out.   Thanks for your help.  You did set me on the right path to find the answer.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question