G
Guest
We want to use FormsAuthenticationTickets as part of our ASP.NET security.
The current design stores the user's ticket in the db, and later uses the
ticket to extract other data from the database. When the user logs out, we
use the ticket to delete the ticket from the db, using the encrypted ticket
as the key.
Problem is, the tickets don't seem to match between being encrypted and then
decrypted. For example, the following returns two totally different results.
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
System.Diagnostics.Debug.WriteLine(encryptedTicket);
FormsAuthenticationTicket anotherTicket =
FormsAuthentication.Decrypt(encryptedTicket);
encryptedTicket = FormsAuthentication.Encrypt(anotherTicket);
System.Diagnostics.Debug.WriteLine(encryptedTicket);
The two debugs product totally different results. This totally blows our
design. Why don't they match?
Thanks
Mike
The current design stores the user's ticket in the db, and later uses the
ticket to extract other data from the database. When the user logs out, we
use the ticket to delete the ticket from the db, using the encrypted ticket
as the key.
Problem is, the tickets don't seem to match between being encrypted and then
decrypted. For example, the following returns two totally different results.
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
System.Diagnostics.Debug.WriteLine(encryptedTicket);
FormsAuthenticationTicket anotherTicket =
FormsAuthentication.Decrypt(encryptedTicket);
encryptedTicket = FormsAuthentication.Encrypt(anotherTicket);
System.Diagnostics.Debug.WriteLine(encryptedTicket);
The two debugs product totally different results. This totally blows our
design. Why don't they match?
Thanks
Mike