Forms authentication decrypt invalid data length exception

Discussion in 'ASP .Net Security' started by steve baker, Aug 3, 2005.

  1. steve baker

    steve baker Guest

    Hi

    For reasons I don't want to go into, we need to have a mixed mode site
    running where some pages will be running in .NET and some in classic asp.
    When users login this will all be via .NET and uses forms authentication.
    In ASP pages a vbscript function is called that needs to work out if the
    user is authenticated and get their username from the formsAuth ticket.

    I have taken the following steps but cannot decrypt the forms auth ticket:
    - in ASP get the AuthCookie cookie (checked that the value is the same as
    when getting in .NET)
    - create a CCW in .NET and create the object in ASP
    - set a property of the .NET object to the value of the cookie
    - check the CCW to see if the user is authenticated and then, if they are,
    get the username
    - in the CCW isAuthenticated function we use FormsAuthentication to decrypt
    the cookie:

    cookie = this.AuthCookie;
    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(cookie);
    }
    catch (Exception ex)
    {
        // get a System.Security.Cryptography.CryptographicException: Length of the
        // data to decrypt is invalid
        // exception here
    }

    - The CCW is a dll that is installed in the GAC and created in ASP via
    Server.CreateObject
    - This won't have access to the HttpContext, so we can't get the Identity that
    way
    - Have set the MachineKey to a specific value in both the web.config and
    machine.config but I suspect that when we call
    FormsAuthentication.Decrypt(cookie); it is not using this key and so thinks
    the length of data is not valid as have checked the exact string used here,
    and used in the Global.asax Application_AuthenticateRequest, and they are
    identical

    Does anyone know if there is some way of checking the Key used by
    FormsAuthentication.Decrypt, or if there is a way I can use the crypt
    functions directly and just grab the machineKey directly from the
    machine.config?
    Many Thanks
    Steve Baker
    steve baker, Aug 3, 2005