S
steve baker
Hi
For reasons I don't want to go into, we need to have a mixed mode site
running where some pages will be running in .NET and some in classic asp.
When users login this will all be via .NET and uses forms authentication.
In ASP pages a vbscript function is called that needs to work out if the
user is authenticated and get their usernaem from the formsAuth ticket.
I have taken the following steps but cannot decrypt the forms auth ticket:
- in ASP get the AuthCookie cookie (cheked that the value is the same as
when getting in .NET)
- create a CCW in .NET and create the object in ASP
- set a property of the .NET object to the value of the cookie
- check the CCW to see if the user is authenticated and then, if they are,
get the username
- in the CCW isAuthenticated function we use FormsAuthentication to decrypt
the cookie:
cookie=this.AuthCookie;
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(cookie);
}
catch(Exception ex)
{
//get a System.Security.Cryptography.CryptographicException: Length of the
data to decrypt is invalid
//exception here
}
- The CCW is a dll that is installed in the GAC and created in ASP via
Sever.CreateObject
- This wont have acces to the HttpContext, so we cant get the Identity that
way
- Have set the MachineKey to a specific value in both the web.config and
machine.config but I suspect that when we call
FormsAuthentication.Decrypt(cookie); it is not using this key and so thinks
the length of data is not valid as have checked the exact string used here,
and used in the Global.asax Application_AuthenticateRequest, and they are
identical
Does anyone know if there is some way of checking the Key used by
FormsAuthentication.Decrypt, or if there is a way I can use the crypt
functions directly and just grab the machineKey directly from the
machine.config?
Many Thanks
Steve Baker
For reasons I don't want to go into, we need to have a mixed mode site
running where some pages will be running in .NET and some in classic asp.
When users login this will all be via .NET and uses forms authentication.
In ASP pages a vbscript function is called that needs to work out if the
user is authenticated and get their usernaem from the formsAuth ticket.
I have taken the following steps but cannot decrypt the forms auth ticket:
- in ASP get the AuthCookie cookie (cheked that the value is the same as
when getting in .NET)
- create a CCW in .NET and create the object in ASP
- set a property of the .NET object to the value of the cookie
- check the CCW to see if the user is authenticated and then, if they are,
get the username
- in the CCW isAuthenticated function we use FormsAuthentication to decrypt
the cookie:
cookie=this.AuthCookie;
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(cookie);
}
catch(Exception ex)
{
//get a System.Security.Cryptography.CryptographicException: Length of the
data to decrypt is invalid
//exception here
}
- The CCW is a dll that is installed in the GAC and created in ASP via
Sever.CreateObject
- This wont have acces to the HttpContext, so we cant get the Identity that
way
- Have set the MachineKey to a specific value in both the web.config and
machine.config but I suspect that when we call
FormsAuthentication.Decrypt(cookie); it is not using this key and so thinks
the length of data is not valid as have checked the exact string used here,
and used in the Global.asax Application_AuthenticateRequest, and they are
identical
Does anyone know if there is some way of checking the Key used by
FormsAuthentication.Decrypt, or if there is a way I can use the crypt
functions directly and just grab the machineKey directly from the
machine.config?
Many Thanks
Steve Baker