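/// <summary>
/// Decrypts a protected token and turns its payload into a <see cref="ClaimsIdentity"/>.
/// </summary>
/// <remarks>
/// The decrypted payload is split on ',' and read positionally: field 0 is the name,
/// field 1 the expiry timestamp (compared against <c>DateTime.UtcNow.UnixTimestamp()</c>),
/// field 2 the authentication type handed to the identity.
/// Only the success path builds the identity with an authentication type. The expired and
/// error paths return an identity built without one that carries a single marker claim.
/// Callers should decide on <see cref="ClaimsIdentity.IsAuthenticated"/> and should treat an
/// identity holding <see cref="ClaimTypes.Expired"/> or <see cref="ClaimTypes.AuthorizationDecision"/>
/// as rejected.
/// </remarks>
/// <param name="protectedData">The protected token text; it is passed through <c>ToBase64Bytes()</c> before decryption.</param>
/// <returns>
/// An identity with Name and Role ("User") claims when the token decrypts, has all three fields
/// and is not expired; an identity with only an Expired claim when the timestamp is in the past;
/// otherwise an identity with only an AuthorizationDecision claim describing the failure.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="protectedData"/> is null.</exception>
public ClaimsIdentity Unprotect(string protectedData)
{
    if (protectedData == null)
    {
        throw new ArgumentNullException(nameof(protectedData));
    }

    List<Claim> claims = new List<Claim>();

    try
    {
        // NOTE(review): the 'false' argument presumably selects PKCS#1 v1.5 padding rather than
        // OAEP (assuming this field is an RSACryptoServiceProvider). It is kept as is because it
        // must match the producer of the token, which is not visible here. Consider moving both
        // sides to OAEP.
        // NOTE(review): decryption alone does not prove who produced the token. Confirm that the
        // key able to produce a valid ciphertext is not public, or that the token is also
        // signed/MACed.
        byte[] unprotectedData = this.rsaCryptoServiceProvider.Decrypt(protectedData.ToBase64Bytes(), false);
        string[] identityDatas = unprotectedData.ASCII().Split(',');

        // A payload with fewer than two fields throws here and is reported by the catch below.
        long timestamp = identityDatas[1]?.AsLong() ?? 0L;

        if (timestamp < DateTime.UtcNow.UnixTimestamp())
        {
            claims.Add(new Claim(ClaimTypes.Expired, "True"));
        }
        else
        {
            // Read every field BEFORE adding any claim. Previously a two-field payload added the
            // Name and Role claims and only then failed on identityDatas[2], so the error identity
            // still carried the caller-supplied name and the "User" role.
            string name = identityDatas[0] ?? Anonymous;
            string authenticationType = identityDatas[2] ?? Unspecified;

            claims.Add(new Claim(ClaimTypes.Name, name));
            claims.Add(new Claim(ClaimTypes.Role, "User"));

            return new ClaimsIdentity(claims, authenticationType);
        }
    }
    catch (Exception e)
    {
        // Fail closed: an error identity must never carry claims collected before the failure.
        claims.Clear();

        // NOTE(review): e.Message may contain decryption/padding failure details. Keep this claim
        // server-side (logs, diagnostics) and do not reflect it to the client, so that failure
        // causes are not distinguishable from outside.
        claims.Add(new Claim(ClaimTypes.AuthorizationDecision, "Error:" + e.Message));
    }

    return new ClaimsIdentity(claims);
}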