/// <summary>
/// Decrypts the ticket
/// </summary>
/// <param name="cookieString"></param>
/// <returns></returns>
public FormsAuthenticationTicket DecryptCookie(string cookieString)
{
byte[] cookieBlob = null;
// 1. Convert from hex to binary.
if ((cookieString.Length % 2) == 0)
{ // Could be a hex string
try
{
cookieBlob = HexUtils.HexToBinary(cookieString);
}
catch { }
}
if (cookieBlob == null)
{
return(null);
}
// decrypt
byte[] decryptedCookie = Decrypt(cookieBlob, _hasher, true);
int ticketLength = decryptedCookie.Length - _hasher.HashSize;
bool validHash = _hasher.CheckHash(decryptedCookie, ticketLength);
if (!validHash)
{
throw new Exception("Invalid Hash");
}
return(FormsAuthenticationTicketHelper.Deserialize(decryptedCookie, ticketLength));
}
public LegacyFormsAuthenticationTicketEncryptor(string decryptionKey, string validationKey, ShaVersion hashAlgorithm = DefaultHashAlgorithm)
{
byte[] descriptionKeyBytes = HexUtils.HexToBinary(decryptionKey);
byte[] validationKeyBytes = HexUtils.HexToBinary(validationKey);
Initialize(descriptionKeyBytes, validationKeyBytes, hashAlgorithm);
}
public LegacyFormsAuthenticationTicketEncryptor(string decryptionKey, string validationKey)
{
byte[] descriptionKeyBytes = HexUtils.HexToBinary(decryptionKey);
byte[] validationKeyBytes = HexUtils.HexToBinary(validationKey);
Initialize(descriptionKeyBytes, validationKeyBytes);
}
/// <summary>
/// Encrypts the ticket, and if a hasher is provided, will also include a signature in the encrypted data.
/// </summary>
/// <param name="ticket"></param>
/// <param name="hasher">If hasher it not null, it will be used to generate hash which is used to sign the encrypted data by adding it to the end. If it is null, no signature will be added.</param>
/// <param name="randomiseUsingHash">If true, the hash of the encrypted data will be prepended to the beginning, otherwise random bytes will be generated and prepended to the beggining.</param>
/// <returns></returns>
public string Encrypt(FormsAuthenticationTicket ticket, bool randomiseUsingHash = false)
{
// make ticked into binary blob.
byte[] ticketBlob = FormsAuthenticationTicketHelper.Serialize(ticket);
if (ticketBlob == null)
{
throw new Exception("Invalid ticket");
}
byte[] cookieBlob = ticketBlob;
// Compute a hash and add to the blob.
if (_hasher != null)
{
byte[] hashBlob = _hasher.GetHMACSHAHash(ticketBlob, null, 0, ticketBlob.Length);
if (hashBlob == null)
{
throw new Exception("Unable to get HMACSHAHash");
}
// create a new byte array big enough to store the ticket data, and the hash data which is appended to the end.
cookieBlob = new byte[hashBlob.Length + ticketBlob.Length];
Buffer.BlockCopy(ticketBlob, 0, cookieBlob, 0, ticketBlob.Length);
Buffer.BlockCopy(hashBlob, 0, cookieBlob, ticketBlob.Length, hashBlob.Length);
}
// now encrypt the cookie data.
byte[] encryptedCookieBlob = EncryptCookieData(cookieBlob, cookieBlob.Length, randomiseUsingHash ? _hasher : null);
if (encryptedCookieBlob == null)
{
throw new Exception("Unable to encrypt cookie");
}
// sign the encrypted blob
if (_hasher != null)
{
byte[] hashBlob = _hasher.GetHMACSHAHash(encryptedCookieBlob, null, 0, encryptedCookieBlob.Length);
if (hashBlob == null)
{
throw new Exception("Unable to sign cookie");
}
// create a new byte array big enough to store the cookie data, and the hash which is appended to the end.
cookieBlob = new byte[hashBlob.Length + encryptedCookieBlob.Length];
Buffer.BlockCopy(encryptedCookieBlob, 0, cookieBlob, 0, encryptedCookieBlob.Length);
Buffer.BlockCopy(hashBlob, 0, cookieBlob, encryptedCookieBlob.Length, hashBlob.Length);
}
// now convert the binary encrypted cookie data and return hex value.
return(HexUtils.BinaryToHex(cookieBlob));
}
