Solved

Decrypting a Cookie Against a Machine Key

Posted on 2012-03-31
6
868 Views
Last Modified: 2012-04-02
I have a machine key tag in my web.config that has a validation key, a decryption key and
validation="SHA1" decryption="AES"

A third party is creating an application and will send me a cookie when the user logs into their site and clicks on the link to my website.  The cookie will have username and password encrypted using the machine key located in my web.config.

I must decrypt the cookie, making sure the keys are the same then read the information in the cookie and pass it along to be authenticated by our system.  

I don't know how to decrypt the cookie and am looking for help.  

Anything anyone can share would be appreciated.  Our framework is 3.0, so I can't use any of the decryption methods in the latest framework.
0
Comment
Question by:sherbug1015
  • 2
  • 2
6 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 37795542
See 2nd answer here (else part)

http://forums.asp.net/t/1240304.aspx/1
0
 

Author Comment

by:sherbug1015
ID: 37796193
CodeCruiser:  

I am not using FormsAuthentication for this cookie.  It will be sent to me as part of the Request.
0
 
LVL 83

Accepted Solution

by:
CodeCruiser earned 500 total points
ID: 37796403
So you just have the key as config value rather than as part of wider forms authentication implementation? Do you have any authentication on your site?

I am currently fighting a similar battle. Trying to login to a site programmatically and get the cookie using a windows service.
0
 

Author Comment

by:sherbug1015
ID: 37797918
I think I have found something that will do.  I am going to accept your solutions so that I can close these tickets out.   Thanks for your help.  You did set me on the right path to find the answer.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now