/// <summary> /// Decrypts the cookie. /// </summary> /// <param name="cookie">The cookie to decrypt.</param> /// <returns>A new HttpCookie instance with the Value decrypted.</returns> public static HttpCookie Decrypt(HttpCookie cookie) { if (cookie == null) { throw new ArgumentNullException("cookie"); } //nothing to do! if (cookie.Value.Length == 0) { return(cookie); } try { byte[] encrypted = MachineKeyWrapper.HexStringToByteArray(cookie.Value); if (encrypted == null) { return(null); // i wonder if this is the most intuitive situation here... the above method will return null if it cant "DeHex" the string... } byte[] decrypted = MachineKeyWrapper.EncryptOrDecryptData(false, encrypted, null, 0, encrypted.Length); //i wonder if I should guarantee getting a cookie at this point [no exceptions, etc] HttpCookie decryptedCookie = CloneCookie(cookie); decryptedCookie.Value = System.Text.Encoding.Unicode.GetString(decrypted); return(decryptedCookie); } catch (Exception ex) { //repackage the exception throw new HttpException("Unable to Decrypt the cookie.", ex); } }
/// <summary> /// Returns an encrypted cookie without updating the Response. /// </summary> /// <param name="source">The cookie to encrypt</param> /// <returns>An encrypted instance, cloned from the source.</returns> public static HttpCookie Encrypt(HttpCookie source) { try { byte[] data = System.Text.Encoding.Unicode.GetBytes(source.Value); byte[] encData = MachineKeyWrapper.EncryptOrDecryptData(true, data, null, 0, data.Length); HttpCookie encrypted = CloneCookie(source); encrypted.Value = MachineKeyWrapper.ByteArrayToHexString(encData, encData.Length); return(encrypted); } catch (Exception ex) { //repackage throw new HttpException("Unable to encrypt the cookie.", ex); } }