Velocity Reviews - Computer Hardware Reviews

Forms authentication decrypt invalid data length exception

 
 
steve baker
08-03-2005
Hi

For reasons I don't want to go into, we need to have a mixed mode site
running where some pages will be running in .NET and some in classic asp.
When users login this will all be via .NET and uses forms authentication.
In ASP pages a vbscript function is called that needs to work out if the
user is authenticated and get their username from the formsAuth ticket.

I have taken the following steps but cannot decrypt the forms auth ticket:
- in ASP get the AuthCookie cookie (checked that the value is the same as
when getting in .NET)
- create a CCW in .NET and create the object in ASP
- set a property of the .NET object to the value of the cookie
- check the CCW to see if the user is authenticated and then, if they are,
get the username
- in the CCW isAuthenticated function we use FormsAuthentication to decrypt
the cookie:

cookie = this.AuthCookie;
FormsAuthenticationTicket authTicket = null;
try
{
    authTicket = FormsAuthentication.Decrypt(cookie);
}
catch (Exception ex)
{
    // get a System.Security.Cryptography.CryptographicException:
    // Length of the data to decrypt is invalid
    // exception here
}

- The CCW is a dll that is installed in the GAC and created in ASP via
Server.CreateObject
- This won't have access to the HttpContext, so we can't get the Identity that
way
- Have set the MachineKey to a specific value in both the web.config and
machine.config but I suspect that when we call
FormsAuthentication.Decrypt(cookie); it is not using this key and so thinks
the length of data is not valid as have checked the exact string used here,
and used in the Global.asax Application_AuthenticateRequest, and they are
identical

Does anyone know if there is some way of checking the Key used by
FormsAuthentication.Decrypt, or if there is a way I can use the crypt
functions directly and just grab the machineKey directly from the
machine.config?
Many Thanks
Steve Baker
 