Create Forms Authentication Ticket with Machine Keys

Discussion in 'ASP .Net Security' started by Chuck, Feb 10, 2010.

  1. Chuck

    Chuck Guest

    repost, no ms response

    I'm using Selenium to test a web application.
    I need to create a Forms Authentication Cookie and let Selenium load it into
    the browser instance.

    I'm having a problem because my nUnit class does not have access to the
    web.config file.
    The website uses MachineKey valdationKey and decryptionKey.
    I know these values and can put them in the nUnit class.
    However, I usually create Forms Cookies by doing

    tkt = new FormsAuthenticationTicket(1, txtNewIdentity.Text, DateTime.Now,
    DateTime.Now.AddMinutes(TimeOut_Get()), bPersistent,
    HttpContext.Current.Request.UserHostAddress);

    CookieValue= FormsAuthentication.Encrypt(tkt)

    I don't believe the cookie will properly encrypted because when I run
    ..Encrypt(tkt), it won't find the encryption key to use.

    Any way to manually make the forms authentication cookie without assuming
    the .net methods have access to the web.config file?
     
    Chuck, Feb 10, 2010
    #1
    1. Advertising

  2. Chuck

    Steven Cheng Guest

    Hi,

    from your description, you're doing some unit test on an ASP.NET
    webapplication and find that the custom machinekey (stored in web.config
    file) is not available in your UNIT test program, correct?

    As you find, The FormsAuthentication.Encrypt class has encapsulated all the
    underlying cookie encryption(also decryption ) details internally so that
    we do not have access to the underlying web.config(machinekey) processing.
    If you want to make the built-in FormsAuthentication API work, you may need
    to run the unit test code in a web application(web application hosted in VS
    test server). Otherwise, you may need to manually create an ASP.NET web
    applicaion host in your console application like the casini server:

    #ASP. NET Client-side Hosting with Cassini
    http://msdn.microsoft.com/en-us/magazine/cc188791.aspx

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .


    --------------------
    >From: =?Utf-8?B?Q2h1Y2s=?= <>
    >Subject: Create Forms Authentication Ticket with Machine Keys
    >Date: Wed, 10 Feb 2010 09:34:08 -0800


    >repost, no ms response
    >
    >I'm using Selenium to test a web application.
    >I need to create a Forms Authentication Cookie and let Selenium load it

    into
    >the browser instance.
    >
    >I'm having a problem because my nUnit class does not have access to the
    >web.config file.
    >The website uses MachineKey valdationKey and decryptionKey.
    >I know these values and can put them in the nUnit class.
    >However, I usually create Forms Cookies by doing
    >
    > tkt = new FormsAuthenticationTicket(1, txtNewIdentity.Text, DateTime.Now,
    > DateTime.Now.AddMinutes(TimeOut_Get()), bPersistent,
    > HttpContext.Current.Request.UserHostAddress);
    >
    >CookieValue= FormsAuthentication.Encrypt(tkt)
    >
    >I don't believe the cookie will properly encrypted because when I run
    >.Encrypt(tkt), it won't find the encryption key to use.
    >
    >Any way to manually make the forms authentication cookie without assuming
    >the .net methods have access to the web.config file?
    >
    >
    >
     
    Steven Cheng, Feb 12, 2010
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. e
    Replies:
    1
    Views:
    3,620
    John Saunders
    Oct 24, 2003
  2. =?Utf-8?B?Y2h1Y2sgcnVkb2xwaA==?=

    Forms Authentication Ticket/Cookie values

    =?Utf-8?B?Y2h1Y2sgcnVkb2xwaA==?=, May 17, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    679
    Brock Allen
    May 19, 2005
  3. Lauchlan M
    Replies:
    0
    Views:
    243
    Lauchlan M
    Oct 1, 2003
  4. jfer
    Replies:
    3
    Views:
    582
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
  5. Chuck
    Replies:
    9
    Views:
    1,363
    Thomas Sun [MSFT]
    Jan 29, 2010
Loading...

Share This Page