Encryption Key/Cache


A. Elamiri

I would like to store some Role Information in a cookie since I cannot use
Session in the AuthenticateRequest method.

I thought of encrypting the cookie using the Rijndael algorithm for the provider. I
would generate a 16-character key, store it as a Cached object and replace it
every 20-30 minutes. If the cookie data does not decrypt, then simply reload
it, because I would assume that the key expired.

Is this a secure way of doing it?
 

Steve C. Orr [MVP, MCSD]

It almost seems secure, but...
I question your logic of assuming the key is expired if it does not decrypt
(and accepting it anyway.)
Another reason the key might not decrypt is if someone has been tampering
with it. A hacker might attempt this. It seems they could put any value at
all into the cookie and then your code would assume it's good (but expired)
and then generate a new one.
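
As an added example (not code from either poster), here is one way to make the "expired or tampered?" question raised in the reply answerable: the cookie carries a key id and an HMAC-SHA256 tag, so a retired key, a modified value and a malformed value are reported separately, and none of them yields roles from the cookie. It signs the role data rather than encrypting it and assumes .NET Core 2.1 or later; `RoleCookie`, `CookieStatus` and the binding to the authenticated user name are assumptions of the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example; RoleCookie and CookieStatus are hypothetical names, not an ASP.NET API.
public enum CookieStatus { Valid, UnknownKey, Tampered, Malformed }
public sealed class RoleCookie
{
    private readonly Dictionary<string, byte[]> _keys = new Dictionary<string, byte[]>();
    private string _currentId;
    // Call on the rotation timer; Retire() drops a key once its cookies must stop validating.
    public string Rotate()
    {
        var key = new byte[32];
        RandomNumberGenerator.Fill(key);
        _currentId = Guid.NewGuid().ToString("N");
        _keys[_currentId] = key;
        return _currentId;
    }
    public void Retire(string keyId) { _keys.Remove(keyId); }

    // Layout: keyId.base64(user).base64(roles).base64(HMAC-SHA256 over the first three parts)
    public string Protect(string user, string roles)
    {
        string body = _currentId + "." + B64(user) + "." + B64(roles);
        return body + "." + Convert.ToBase64String(Mac(_keys[_currentId], body));
    }

    // roles is set only for Valid; on any other status the caller reloads roles from its store.
    public CookieStatus Check(string cookie, string user, out string roles)
    {
        roles = null;
        string[] p = (cookie ?? "").Split('.');
        if (p.Length != 4) return CookieStatus.Malformed;
        if (!_keys.TryGetValue(p[0], out byte[] key)) return CookieStatus.UnknownKey; // retired or never issued
        byte[] given;
        try { given = Convert.FromBase64String(p[3]); }
        catch (FormatException) { return CookieStatus.Malformed; }
        byte[] expected = Mac(key, p[0] + "." + p[1] + "." + p[2]);
        if (!CryptographicOperations.FixedTimeEquals(given, expected)) return CookieStatus.Tampered;
        if (p[1] != B64(user)) return CookieStatus.Tampered; // signed, but issued to another user
        roles = Encoding.UTF8.GetString(Convert.FromBase64String(p[2]));
        return CookieStatus.Valid;
    }
    private static string B64(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
    private static byte[] Mac(byte[] key, string data)
    { using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(data)); }
}
```

`UnknownKey` is deliberately not called "expired": the key id is attacker-controlled input, so an unrecognised id is treated like any other failed check and can be logged separately from `Tampered`.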
 
