/// <summary>
/// Turns protected ticket bytes back into a <see cref="FormsAuthenticationTicket"/>,
/// delegating the cryptographic work to <c>MachineKeySectionUtils</c> according to
/// the configured <c>protection</c> mode.
/// </summary>
/// <param name="bytes">Ticket bytes as supplied by the caller.</param>
/// <returns>The ticket produced by <c>FormsAuthenticationTicket.FromByteArray</c>.</returns>
static FormsAuthenticationTicket Decrypt2(byte [] bytes)
{
    // Protection "None": the input is parsed exactly as received. Nothing is
    // decrypted and nothing is verified, so the ticket contents are only as
    // trustworthy as the channel that delivered them.
    if (protection == FormsProtectionEnum.None) {
        return FormsAuthenticationTicket.FromByteArray(bytes);
    }

    MachineKeySection config = (MachineKeySection)WebConfigurationManager.GetWebApplicationSection(machineKeyConfigPath);

    byte [] result;
    switch (protection) {
    case FormsProtectionEnum.All:
        // Integrity check and decryption, both handled by the helper.
        result = MachineKeySectionUtils.VerifyDecrypt(config, bytes);
        break;
    case FormsProtectionEnum.Encryption:
        // NOTE(review): only Decrypt is called in this mode; whether that helper
        // performs any integrity check is not visible from this block. Confirm.
        result = MachineKeySectionUtils.Decrypt(config, bytes);
        break;
    case FormsProtectionEnum.Validation:
        result = MachineKeySectionUtils.Verify(config, bytes);
        break;
    default:
        // Any other mode leaves the result unset; FromByteArray then receives null.
        result = null;
        break;
    }

    // NOTE(review): how the helpers signal a failed verification (exception or
    // null return) is not shown here; FromByteArray receives whatever they return.
    return FormsAuthenticationTicket.FromByteArray(result);
}
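/// <summary>
/// Turns protected ticket bytes back into a <see cref="FormsAuthenticationTicket"/>.
/// Depending on the configured <c>protection</c> mode the input is decrypted with
/// TripleDES, validated against a trailing MD5/SHA1 digest, both, or neither.
/// </summary>
/// <param name="bytes">Ticket bytes as supplied by the caller.</param>
/// <returns>The ticket produced by <c>FormsAuthenticationTicket.FromByteArray</c>.</returns>
/// <exception cref="ArgumentException">
/// The input is shorter than the digest, the digest does not match, or no digest
/// could be computed for the configured validation type.
/// </exception>
static FormsAuthenticationTicket Decrypt2(byte [] bytes)
{
    // Protection "None": the input is parsed exactly as received. Nothing is
    // decrypted and nothing is verified.
    if (protection == FormsProtectionEnum.None) {
        return FormsAuthenticationTicket.FromByteArray(bytes);
    }

#if NET_2_0
    MachineKeySection config = (MachineKeySection)WebConfigurationManager.GetWebApplicationSection(machineKeyConfigPath);
#else
    MachineKeyConfig config = HttpContext.GetAppConfig(machineKeyConfigPath) as MachineKeyConfig;
#endif

    bool all = (protection == FormsProtectionEnum.All);
    byte [] result = bytes;

    if (all || protection == FormsProtectionEnum.Encryption) {
        // NOTE(review): decryption runs before the digest check below, so a padding
        // error from TransformFinalBlock surfaces before any integrity validation.
        // Callers should report every failure of this method identically so the two
        // failure kinds cannot be told apart from outside.
        // NOTE(review): init_vector is declared outside this block; if it is the same
        // for every ticket, equal plaintext prefixes yield equal ciphertext. Confirm.
        using (SymmetricAlgorithm cipher = TripleDES.Create())
        using (ICryptoTransform decryptor = cipher.CreateDecryptor(GetDecryptionKey(config), init_vector)) {
            result = decryptor.TransformFinalBlock(bytes, 0, bytes.Length);
        }
    }

    if (all || protection == FormsProtectionEnum.Validation) {
        MachineKeyValidation validationType;
#if NET_2_0
        validationType = config.Validation;
#else
        validationType = config.ValidationType;
#endif

        // Everything other than MD5 is sized as a SHA1 digest (3DES and SHA1).
        int count = (validationType == MachineKeyValidation.MD5) ? MD5_hash_size : SHA1_hash_size;

        // Reject short input before any offset arithmetic. The original performed
        // this check only after the buffer copies, which had already failed on a
        // negative length by then.
        if (result.Length < count) {
            throw new ArgumentException("Error validating ticket (length).", "encryptedTicket");
        }

#if NET_2_0
        byte [] vk = MachineKeySectionUtils.ValidationKeyBytes(config);
#else
        byte [] vk = config.ValidationKey;
#endif

        // The digest covers the payload followed by the validation key. This is a
        // plain keyed digest rather than an HMAC; the layout is kept unchanged so
        // tickets issued by the matching encrypt path still validate.
        int payloadLength = result.Length - count;
        byte [] mix = new byte [payloadLength + vk.Length];
        Buffer.BlockCopy(result, 0, mix, 0, payloadLength);
        Buffer.BlockCopy(vk, 0, mix, payloadLength, vk.Length);

        byte [] hash = null;
        switch (validationType) {
        case MachineKeyValidation.MD5:
            using (HashAlgorithm md5 = MD5.Create()) {
                hash = md5.ComputeHash(mix);
            }
            break;
        // From MS docs: "When 3DES is specified, forms authentication defaults to SHA1"
        case MachineKeyValidation.TripleDES:
        case MachineKeyValidation.SHA1:
            using (HashAlgorithm sha1 = SHA1.Create()) {
                hash = sha1.ComputeHash(mix);
            }
            break;
        }

        // Fail closed when the validation type produced no digest (or one of an
        // unexpected size) instead of dereferencing null in the comparison.
        if (hash == null || hash.Length != count) {
            throw new ArgumentException("Error validating ticket.", "encryptedTicket");
        }

        // Compare every byte and decide once at the end, so the time taken does
        // not reveal how many leading digest bytes matched.
        int diff = 0;
        for (int k = 0; k < count; k++) {
            diff |= result [payloadLength + k] ^ hash [k];
        }
        if (diff != 0) {
            throw new ArgumentException("Error validating ticket.", "encryptedTicket");
        }
    }

    return FormsAuthenticationTicket.FromByteArray(result);
}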