Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 936
  • Last Modified:

Decrypting a Cookie Against a Machine Key

I have a machine key tag in my web.config that has a validation key, a decryption key and
validation="SHA1" decryption="AES"

A third party is creating an application and will send me a cookie when the user logs into their site and clicks on the link to my website.  The cookie will have username and password encrypted using the machine key located in my web.config.

I must decrypt the cookie, making sure the keys are the same then read the information in the cookie and pass it along to be authenticated by our system.  

I don't know how to decrypt the cookie and am looking for help.  

Anything anyone can share would be appreciated.  Our framework is 3.0, so I can't use any of the decryption methods in the latest framework.
0
sherbug1015
Asked:
sherbug1015
  • 2
  • 2
1 Solution
 
CodeCruiserCommented:
See 2nd answer here (else part)

http://forums.asp.net/t/1240304.aspx/1
0
 
sherbug1015Author Commented:
CodeCruiser:  

I am not using FormsAuthentication for this cookie.  It will be sent to me as part of the Request.
0
 
CodeCruiserCommented:
So you just have the key as config value rather than as part of wider forms authentication implementation? Do you have any authentication on your site?

I am currently fighting a similar battle. Trying to login to a site programmatically and get the cookie using a windows service.
0
 
sherbug1015Author Commented:
I think I have found something that will do.  I am going to accept your solutions so that I can close these tickets out.   Thanks for your help.  You did set me on the right path to find the answer.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now