Solved

Decrypting a Cookie Against a Machine Key

Posted on 2012-03-31
6
871 Views
Last Modified: 2012-04-02
I have a machine key tag in my web.config that has a validation key, a decryption key and
validation="SHA1" decryption="AES"

A third party is creating an application and will send me a cookie when the user logs into their site and clicks on the link to my website.  The cookie will have username and password encrypted using the machine key located in my web.config.

I must decrypt the cookie, making sure the keys are the same then read the information in the cookie and pass it along to be authenticated by our system.  

I don't know how to decrypt the cookie and am looking for help.  

Anything anyone can share would be appreciated.  Our framework is 3.0, so I can't use any of the decryption methods in the latest framework.
0
Comment
Question by:sherbug1015
  • 2
  • 2
6 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 37795542
See 2nd answer here (else part)

http://forums.asp.net/t/1240304.aspx/1
0
 

Author Comment

by:sherbug1015
ID: 37796193
CodeCruiser:  

I am not using FormsAuthentication for this cookie.  It will be sent to me as part of the Request.
0
 
LVL 83

Accepted Solution

by:
CodeCruiser earned 500 total points
ID: 37796403
So you just have the key as config value rather than as part of wider forms authentication implementation? Do you have any authentication on your site?

I am currently fighting a similar battle. Trying to login to a site programmatically and get the cookie using a windows service.
0
 

Author Comment

by:sherbug1015
ID: 37797918
I think I have found something that will do.  I am going to accept your solutions so that I can close these tickets out.   Thanks for your help.  You did set me on the right path to find the answer.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question