/// <summary> /// Verify a JWT token signed in RS256 (RSA + SHA-256) /// </summary> /// <param name="tokenJwtEncoded"></param> /// <returns></returns> private static bool VerifyTokenJwtSignatureInternal(string tokenJwtEncoded, string modulusEncoded, string exponentEncoded) { var urlTextEncoder = new Base64UrlTextEncoder(); string[] tokenParts = tokenJwtEncoded.Split('.'); var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters( new RSAParameters { Modulus = urlTextEncoder.Decode(modulusEncoded), Exponent = urlTextEncoder.Decode(exponentEncoded) }); byte[] hash; using (var sha256 = SHA256.Create()) { hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(tokenParts[0] + '.' + tokenParts[1])); } var rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa); rsaDeformatter.SetHashAlgorithm("SHA256"); var signatureVerified = rsaDeformatter.VerifySignature(hash, urlTextEncoder.Decode(tokenParts[2])); return(signatureVerified); }
public static AuthenticationTicket GetCookieAuthenticationTicket(this HttpContext context, CookieAuthenticationOptions options) { try { //Get the encrypted cookie value string cookieValue = context.Request.Cookies[".AspNetCore.CookieAuth"]; //Get a data protector to use with either approach var dataProtector = options.DataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "CookieAuth", "v2"); //Get the decrypted cookie as plain text UTF8Encoding specialUtf8Encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true); byte[] protectedBytes = Base64UrlTextEncoder.Decode(cookieValue); byte[] plainBytes = dataProtector.Unprotect(protectedBytes); string plainText = specialUtf8Encoding.GetString(plainBytes); //Get the decrypted cookie as a Authentication Ticket TicketDataFormat ticketDataFormat = new TicketDataFormat(dataProtector); AuthenticationTicket ticket = ticketDataFormat.Unprotect(cookieValue); return(ticket); } catch (Exception) { return(null); } }
public AuthenticationTicket?Unprotect(string?protectedText, string?purpose) { AuthenticationTicket?authTicket; try { var unprotectedBytes = dataProtector.Unprotect ( Base64UrlTextEncoder.Decode(protectedText ?? "") ); authTicket = ticketSerializer.Deserialize(unprotectedBytes); var embeddedJwt = authTicket?.Properties?.GetTokenValue("Jwt"); new JwtSecurityTokenHandler().ValidateToken(embeddedJwt, validationParameters, out var token); if (!(token is JwtSecurityToken jwt)) { throw new SecurityTokenValidationException("JWT token was found to be invalid"); } if (!jwt.Header.Alg.Equals(Algorithm, StringComparison.Ordinal)) { throw new ArgumentException($"Algorithm must be '{Algorithm}'"); } } catch (Exception) { authTicket = null; } return(authTicket); }
public async Task <IActionResult> Callback(string code, string state) { // BIG NO-NO BELOW, COMMENTED OUT CODE BECAUSE THE SESSION WAS CHANGING BETWEEN AUTHORIZATION! var authorization = new Authorization { AuthorizationCode = code, ExpectedState = state, //HttpContext.Session.GetString(SSOStateKey), ReturnedState = state }; var accessToken = await _ESIClient.SSO.VerifyAuthorizationAsync(authorization); var character = await _ESIClient.SSO.GetCharacterDetailsAsync(accessToken.AccessToken); await SignInAsync(accessToken, character); if (Guid.TryParse(state, out Guid stateGuid)) { return(RedirectToAction("Index", "Home")); } else { var returnUrl = Encoding.ASCII.GetString(Base64UrlTextEncoder.Decode(state)); return(Redirect(returnUrl)); } }
public static void LogTransaction(HttpRequest request, string response) { var info = new DiagnosticsInfo() { RequestUrl = "[" + request.Method + "]" + request.Host + request.Path + request.QueryString, Body = new List <string>(), ResponseBody = new List <string>() }; if (request.HasFormContentType) { foreach (var form in request.Form) { if (form.Key == "client" || form.Key == "server") { var clientParams = Encoding.ASCII.GetString(Base64UrlTextEncoder.Decode(form.Value)) .Replace("\r\n", "\n") .Split('\n') .Where(x => x.Contains("=")) .ToDictionary(x => x.Split('=')[0], x => x.Remove(0, x.Split('=')[0].Length + 1)); foreach (var param in clientParams) { info.Body.Add(form.Key + "." + param.Key + ": " + param.Value); } continue; } info.Body.Add(form.Key + ": " + form.Value); } } var responseValues = response .Replace("\r\n", "\n") .Split('\n') .Where(x => x.Contains("=")) .ToDictionary(x => x.Split('=')[0], x => x.Remove(0, x.Split('=')[0].Length + 1)); foreach (var responseValue in responseValues) { if (responseValue.Key == "tif") { var intValue = int.Parse(responseValue.Value, System.Globalization.NumberStyles.HexNumber); var translate = Enum.TryParse <SqrlCommandWorker.Tif>(intValue.ToString(), out var tifText); if (translate) { info.ResponseBody.Add(responseValue.Key + ": " + responseValue.Value + " ( " + tifText.ToString("F") + " ) "); } else { info.ResponseBody.Add(responseValue.Key + ": " + responseValue.Value + " ( !!!UNKNOWN!!! ) "); } } else { info.ResponseBody.Add(responseValue.Key + ": " + responseValue.Value); } } TransactionLog.Add(info); }
public AuthenticationTicket Unprotect(string protectedText) { try { if (protectedText == null) { return(default(AuthenticationTicket)); } var protectedData = Base64UrlTextEncoder.Decode(protectedText); if (protectedData == null) { return(default(AuthenticationTicket)); } var userData = rsa.Decrypt(protectedData); if (userData == null) { return(default(AuthenticationTicket)); } var v1 = _serializer.Deserialize(userData); var v2 = v1.Properties.ExpiresUtc; return(v1); } catch { // TODO trace exception, but do not leak other information return(default(AuthenticationTicket)); } }
/// <inheritdoc /> public TData?Unprotect(string?protectedText, string?purpose) { try { if (protectedText == null) { return(default(TData)); } var protectedData = Base64UrlTextEncoder.Decode(protectedText); if (protectedData == null) { return(default(TData)); } var protector = _protector; if (!string.IsNullOrEmpty(purpose)) { protector = protector.CreateProtector(purpose); } var userData = protector.Unprotect(protectedData); if (userData == null) { return(default(TData)); } return(_serializer.Deserialize(userData)); } catch { // TODO trace exception, but do not leak other information return(default(TData)); } }
public async Task <IActionResult> ConfirmEmail([FromBody] ConfirmEmailModel model) { try { var dataJsonBytes = Base64UrlTextEncoder.Decode(model.Token); var dataJson = Encoding.UTF8.GetString(dataJsonBytes); var data = JsonConvert.DeserializeObject <Token>(dataJson); await _authenticateService.ConfirmEmail(data.Email, data.Hash); var response = new Response { Status = 200 }; return(Ok(response)); } catch (Exception e) when(e is InvalidUserException || e is InvalidTokenException) { return(Ok(new Response { Status = 403, Message = e.Message })); } catch { return(Ok(new Response { Status = 500, Message = "Internal Server Error." })); } }
public string Base64UrlDecodeAndDecompressToUnicode(string content) { var bytes = Base64UrlTextEncoder.Decode(content); var decoded = DecompressToUnicode(bytes); return(decoded); }
public IActionResult DecryptCookie() { ViewData["Message"] = "This is the decrypt page"; var user = HttpContext.User; //User will be set to the ClaimsPrincipal //Get the encrypted cookie value string cookieValue = HttpContext.Request.Cookies["gicoOAU"]; IDataProtectionProvider provider = HttpContext.RequestServices.GetService <IDataProtectionProvider>(); //Get a data protector to use with either approach var dataProtector = provider.CreateProtector( "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Cookies", "v2"); //Get the decrypted cookie as plain text UTF8Encoding specialUtf8Encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true); byte[] protectedBytes = Base64UrlTextEncoder.Decode(cookieValue); byte[] plainBytes = dataProtector.Unprotect(protectedBytes); string plainText = specialUtf8Encoding.GetString(plainBytes); //Get teh decrypted cookies as a Authentication Ticket TicketDataFormat ticketDataFormat = new TicketDataFormat(dataProtector); AuthenticationTicket ticket = ticketDataFormat.Unprotect(cookieValue); return(Content("111")); }
public AuthenticationTicket Unprotect(string protectedText, string purpose) { var authTicket = default(AuthenticationTicket); var algorithm = JwtOptions.Algorithm; try { authTicket = _ticketSerializer.Deserialize( _dataProtector.Unprotect( Base64UrlTextEncoder.Decode(protectedText))); var embeddedJwt = authTicket .Properties? .GetTokenValue(_jwtOptions.TokenName); new JwtSecurityTokenHandler() .ValidateToken(embeddedJwt, _jwtOptions.ValidationParameters, out var token); if (!(token is JwtSecurityToken jwt)) { throw new SecurityTokenValidationException("JWT token was found to be invalid"); } if (!jwt.Header.Alg.Equals(algorithm, StringComparison.Ordinal)) { throw new ArgumentException($"Algorithm must be '{algorithm}'"); } } catch (Exception) { return(null); } return(authTicket); }
public static void ConfigureAuthentication(this IServiceCollection services, ServiceProvider provider) { var principalOptions = provider.GetService <IOptions <PrincipalConfiguration> >(); var hostingOptions = provider.GetService <IOptions <HostingConfiguration> >(); // disable claim mapping JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear(); var key = Base64UrlTextEncoder.Decode(principalOptions.Value.AudienceSecret); var securityKey = new SymmetricSecurityKey(key); var validationParameters = new TokenValidationParameters { NameClaimType = TokenConstants.Claims.Name, RoleClaimType = TokenConstants.Claims.Role, ValidIssuer = hostingOptions.Value.ClientDomain, ValidAudience = principalOptions.Value.AudienceId, ValidateIssuerSigningKey = true, IssuerSigningKey = securityKey, }; services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = validationParameters; options.SaveToken = true; options.RequireHttpsMetadata = true; }); }
public AuthenticationTicket Unprotect(string protectedText) { try { if (protectedText == null) { return(default(AuthenticationTicket)); } Base64UrlTextEncoder encoder = new Base64UrlTextEncoder(); var protectedData = encoder.Decode(protectedText); if (protectedData == null) { return(default(AuthenticationTicket)); } var userData = rsa.Decrypt(protectedData); if (userData == null) { return(default(AuthenticationTicket)); } return(_serializer.Deserialize(userData)); } catch { // TODO trace exception, but do not leak other information return(default(AuthenticationTicket)); } }
public async Task <IActionResult> Callback(string code, string state) { var authorization = new Authorization { AuthorizationCode = code, ExpectedState = HttpContext.Session.GetString(SSOStateKey), ReturnedState = state }; var accessToken = await esiClient.SSO.VerifyAuthorizationAsync(authorization); var character = await esiClient.SSO.GetCharacterDetailsAsync(accessToken.AccessToken); await SignInAsync(accessToken, character); if (Guid.TryParse(state, out Guid stateGuid)) { return(RedirectToAction("Index", "Home")); } else { var returnUrl = Encoding.ASCII.GetString(Base64UrlTextEncoder.Decode(state)); return(Redirect(returnUrl)); } }
private void TryRemoveUser(Dictionary <string, string> clientParams) { _logger.LogTrace("Starting to try and remove user"); if (!Request.Form.ContainsKey("urs")) { _logger.LogError("Missing URS in request to remove user"); SendResponse(Tif.IpMatch | Tif.IdMatch | Tif.CommandFailed | Tif.ClientFailed); return; } var idk = clientParams["idk"]; var message = Encoding.ASCII.GetBytes(Request.Form["client"] + Request.Form["server"]); var usersVuk = Base64UrlTextEncoder.Decode(Options.GetUserVukInternal(idk, Request.HttpContext)); var urs = Base64UrlTextEncoder.Decode(Request.Form["urs"]); var valid = Ed25519.Verify(urs, message, usersVuk); if (!valid) { _logger.LogError("Invalid URS to unlock user."); _logger.LogDebug("Message to validate: {0}", Request.Form["client"] + Request.Form["server"]); _logger.LogDebug("VUK stored on server: {0}", Options.GetUserVukInternal(idk, Request.HttpContext)); _logger.LogDebug("URS sent by client: {0}", Request.Form["urs"]); SendResponse(Tif.IpMatch | Tif.CommandFailed | Tif.ClientFailed); return; } Options.RemoveUserInternal(idk, Request.HttpContext); _logger.LogInformation("Remove user {0}", idk); _logger.LogTrace("Remove user and responding to client as valid identified user"); SendResponse(Tif.IdMatch | Tif.IpMatch, !AuthorizeNut(Request.Query["nut"])); }
/// <summary> /// /// </summary> /// <param name="str"></param> /// <param name="cursor"></param> /// <returns></returns> public static bool TryParse(string str, out NavigationCursor cursor) { if (null == str) { throw new ArgumentNullException(nameof(str)); } if (0 < str.Length) { var stream = new MemoryStream(Base64UrlTextEncoder.Decode(str)); if (TryRead(stream, out var dir, out var id, out var count)) { var direction = Enum.ToObject(typeof(NavigationCursorDirection), dir); cursor = new NavigationCursor((NavigationCursorDirection)direction, id, count); return(true); } } cursor = null; return(false); }
public async Task <IActionResult> Callback(string code, string state) { var authorization = new Authorization { AuthorizationCode = code, ExpectedState = HttpContext.Session.GetString(SSOStateKey), ReturnedState = state }; var accessToken = await esiClient.SSO.VerifyAuthorizationAsync(authorization); var character = await esiClient.SSO.GetCharacterDetailsAsync(accessToken.AccessToken); var dbUser = DataAccess.User.SelectUser(character.CharacterId); //The user does not exist in the db if (dbUser == null) { dbUser = new Models.Database.User { CharacterId = character.CharacterId, CharacterName = character.CharacterName, AccessToken = accessToken.AccessToken, RefreshToken = accessToken.RefreshToken, RefreshTokenExpiresUTC = accessToken.ExpiresUtc, APIToken = Guid.NewGuid().ToString() }; DataAccess.User.InsertUser(dbUser); } else { dbUser.AccessToken = accessToken.AccessToken; dbUser.RefreshToken = accessToken.RefreshToken; dbUser.RefreshTokenExpiresUTC = accessToken.ExpiresUtc; if (dbUser.APIToken == null) { dbUser.APIToken = Guid.NewGuid().ToString(); } dbUser.CharacterName = character.CharacterName; DataAccess.User.UpdateUser(dbUser); } Response.Cookies.Append("APIToken", dbUser.APIToken, new CookieOptions { Expires = DateTimeOffset.Now.AddDays(7) }); await SignInAsync(accessToken, character); if (Guid.TryParse(state, out Guid stateGuid)) { return(Redirect("http://localhost")); } else { var returnUrl = Encoding.ASCII.GetString(Base64UrlTextEncoder.Decode(state)); return(Redirect(returnUrl)); } }
public AuthService(IConfiguration configuration, IRoleRepository roleRepository) { this.roleRepository = roleRepository; byte[] base64DecodedSecretBytes = Base64UrlTextEncoder.Decode(configuration.GetValue <string>("Secret")); this.key = new SymmetricSecurityKey(base64DecodedSecretBytes); this.bearerTokenHandler = new JwtSecurityTokenHandler(); }
public static string FromBase64UrlEncoded(this string s) { if (s == null) { return(null); } return(Encoding.UTF8.GetString(Base64UrlTextEncoder.Decode(s))); }
public async Task <IActionResult> Index() { foreach (var scheme in await _schemes.GetRequestHandlerSchemesAsync()) { var handler1 = await _handlers.GetHandlerAsync(HttpContext, scheme.Name) as IAuthenticationRequestHandler; if (handler1 != null && await handler1.HandleRequestAsync()) { return(View()); } } var target = ResolveTarget(_options.CurrentValue.ForwardAuthenticate); var defaultAuthenticate = await _schemes.GetDefaultAuthenticateSchemeAsync(); if (defaultAuthenticate != null) { var result = await HttpContext.AuthenticateAsync(defaultAuthenticate.Name); if (result?.Principal != null) { HttpContext.User = result.Principal; } } string cookieValue = HttpContext.Request.Cookies[".Aspnetcore.Identity.Application"]; var provider = _options.CurrentValue.DataProtectionProvider; //Get a data protector to use with either approach IDataProtector dataProtector = provider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Identity.Application", "v2"); //Get the decrypted cookie as plain text UTF8Encoding specialUtf8Encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true); byte[] protectedBytes = Base64UrlTextEncoder.Decode(cookieValue); byte[] plainBytes = dataProtector.Unprotect(protectedBytes); string plainText = specialUtf8Encoding.GetString(plainBytes); //Get the decrypted cookie as a Authentication Ticket TicketDataFormat ticketDataFormat = new TicketDataFormat(dataProtector); AuthenticationTicket ticket = ticketDataFormat.Unprotect(cookieValue); //CookieAuthenticationHandler a; //a.AuthenticateAsync() //var result = (await handler.AuthenticateAsync()) ?? AuthenticateResult.NoResult(); //if (!result.Succeeded) //{ // return View(); //} //var options = _options.CurrentValue; //var cookie = options.CookieManager.GetRequestCookie(HttpContext, options.Cookie.Name!); var b = await ReadCookieTicket(); //var a = options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding()); return(View()); }
private bool ValidateSignature() { _logger.LogTrace("Validating signature of message"); var message = Request.Form["client"] + Request.Form["server"]; var ids = Base64UrlTextEncoder.Decode(Request.Form["ids"]); var idk = Base64UrlTextEncoder.Decode(GetClientParams()["idk"]); var verified = Ed25519.Verify(ids, Encoding.ASCII.GetBytes(message), idk); _logger.LogTrace("Message signature is: {0}", verified); return(verified); }
public static string DecodeToken(string encodedToken) { if (string.IsNullOrEmpty(encodedToken)) { return(null); } // get byte[] var tokenBytes = Base64UrlTextEncoder.Decode(encodedToken); // to string return(System.Text.Encoding.UTF8.GetString(tokenBytes)); }
public static T RawBase64Deserialize <T>(this string raw) { byte[] bytes = Base64UrlTextEncoder.Decode(raw); MemoryStream binary = new MemoryStream(bytes); try { return((T)(new BinaryFormatter().Deserialize(binary))); } catch (InvalidCastException) { //log exception return(default(T)); } }
public async ValueTask <ActionResult> CallersChildren(string name, string path) { name = Encoding.UTF8.GetString(Base64UrlTextEncoder.Decode(name)); var model = new CallersViewStackViewerViewModel(this.HttpContext) { TreeNodes = await this.controller.CallerTree(name, path) }; this.ViewBag.Title = "Callers Viewer"; return(this.View(model)); }
private static JwtPayload ParsePayload(string token) { var jwtSegments = token.Split("."); if (jwtSegments.Length != 3) { return(null); } var payload = jwtSegments[1]; return(JsonConvert.DeserializeObject <JwtPayload>( Encoding.UTF8.GetString(Base64UrlTextEncoder.Decode(payload)))); }
public string Decrypt(HttpContext context, string cookie) { IDataProtectionProvider dataProtectionProvider = _storedOption.DataProtectionProvider; IDataProtector protector = dataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Identity.Application", "v2"); string purpose = GetTlsTokenBinding(context); if (!string.IsNullOrEmpty(purpose)) { protector = protector.CreateProtector(purpose); } var protectedData = Base64UrlTextEncoder.Decode(cookie); byte[] userData = protector.Unprotect(protectedData); var rawText = Encoding.UTF8.GetString(userData); return(rawText); }
public bool ValidateCircuitId(string circuitId) { try { var protectedBytes = Base64UrlTextEncoder.Decode(circuitId); _protector.Unprotect(protectedBytes); // Its enough that we prove that we can unprotect the payload to validate the circuit id, // as this demonstrates that it the id wasn't tampered with. return(true); } catch (Exception) { // The payload format is not correct (either not base64urlencoded or not data protected) return(false); } }
private void HandleFiles(Form_submission s, Form form) { foreach (var qa in s.Answers.SelectMany(a => a.QuestionAnswers).Where(x => x.Files != null && x.Files.Count > 0).ToList()) { foreach (var file in qa.Files) { var destFolder = Path.Combine(hostingEnvironment.WebRootPath, "files", GetUser()?.id.ToString()); if (!Directory.Exists(destFolder)) { Directory.CreateDirectory(destFolder); } var destPath = Path.Combine(destFolder, file.filename); var data = Base64UrlTextEncoder.Decode(file.data.Substring(28)); System.IO.File.WriteAllBytes(destPath, data); } } }
/// <summary>VerifyJwtBearerTokenFlowAssertion</summary> /// <param name="jwtAssertion">string</param> /// <param name="iss">client_id</param> /// <param name="aud">Token2 EndPointのuri</param> /// <param name="scopes">scopes</param> /// <param name="jobj">JObject</param> /// <param name="xmlPublicKey">RS256用のXML公開鍵</param> /// <returns>検証結果</returns> public static bool VerifyJwtBearerTokenFlowAssertion(string jwtAssertion, out string iss, out string aud, out string scopes, out JObject jobj, string xmlPublicKey) { iss = ""; aud = ""; scopes = ""; jobj = null; JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(xmlPublicKey); if (jwtRS256.Verify(jwtAssertion)) { Base64UrlTextEncoder base64UrlEncoder = new Base64UrlTextEncoder(); string jwtPayload = Encoding.UTF8.GetString(base64UrlEncoder.Decode(jwtAssertion.Split('.')[1])); jobj = ((JObject)JsonConvert.DeserializeObject(jwtPayload)); iss = (string)jobj["iss"]; aud = (string)jobj["aud"]; //string iat = (string)jobj["iat"]; scopes = (string)jobj["scope"]; long unixTimeSeconds = 0; #if NET45 unixTimeSeconds = PubCmnFunction.ToUnixTime(DateTimeOffset.Now); #else unixTimeSeconds = DateTimeOffset.Now.ToUnixTimeSeconds(); #endif string exp = (string)jobj["exp"]; if (long.Parse(exp) >= unixTimeSeconds) { return(true); } else { // JWTの内容検証に失敗 } } else { // JWTの署名検証に失敗 } // 認証に失敗 return(false); }
private void LogFbaCookie(HttpContext Context, Guid CorrelationId) { if (_cookieAuthenticationOptions == null) { return; } // See https://stackoverflow.com/questions/42842511/how-to-manually-decrypt-an-asp-net-core-authentication-cookie // Retrieve encrypted HTTP cookie. var cookieName = $".AspNetCore.{CookieAuthenticationDefaults.AuthenticationScheme}"; var encryptedCookie = _cookieAuthenticationOptions.CurrentValue.CookieManager.GetRequestCookie(Context, cookieName); if (!encryptedCookie.IsNullOrEmpty()) { var encryptedCookieBytes = Base64UrlTextEncoder.Decode(encryptedCookie); // Decrypt cookie and remove control characters. var dataProtector = _cookieAuthenticationOptions.CurrentValue.DataProtectionProvider.CreateProtector ("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", CookieAuthenticationDefaults.AuthenticationScheme, "v2"); string cookie; try { var cookieBytes = dataProtector.Unprotect(encryptedCookieBytes); cookie = Encoding.UTF8.GetString(cookieBytes).RemoveControlCharacters(); } catch (CryptographicException exception) { // Cookie is signed by expired key. This may occur if data protection is not configured in web server startup. // Without data protection configured to persist keys, the web server creates a new key every time it recycles the application pool. // See https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-2.2 cookie = $"Failed to decrypt FBA cookie. {exception.GetSummary(true, true)}"; } _logger.Log(CorrelationId, $"FBA Cookie = {cookie}"); // The above cookie string approximates the data passed from the user's web browser to this web server. // It's an approximation because it was created by a binary serializer that converted an AuthenticationTicket class to a byte array. // See https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.ticketserializer.serialize?view=aspnetcore-2.2. // To reconstruct the AuthenticationTicket, do the following: // TicketDataFormat ticketDataFormat = new TicketDataFormat(dataProtector); // AuthenticationTicket authenticationTicket = ticketDataFormat.Unprotect(encryptedCookie); // Note that attempting to serialize AuthenticationTicket to JSON (to write to a log file or database) using Newtonsoft Json.NET causes a // "PlatformNotSupportedException: This instance contains state that cannot be serialized and deserialized on this platform" error. // This error occurs even with PreserveReferencesHandling.All and IgnoreSerializableInterface. // See https://github.com/JamesNK/Newtonsoft.Json/issues/1713. } }