Not compatible with netcoreapp1.0

[jamlen]

This looks perfect for my usage, but I'm unable to install it from nuget, I get:

Package AspNetCore.LegacyAuthCookieCompat 1.0.1 is not compatible with netcoreapp1.0 (.NETCoreApp,Version=v1.0). Package AspNetCore.LegacyAuthCookieCompat 1.0.1 supports: net45 (.NETFramework,Version=v4.5)

[dazinator]

Yes this library does not support netstandard / netcore app.

netstandard / netcore app basically allows cross platform. However "FormsAuthenticationTicket"'s can only be decrypted on windows machines due to a dependence on "webengine4.dll" :

https://github.com/dazinator/AspNetCore.LegacyAuthCookieCompat/blob/master/src/AspNetCore.AuthCookieCompat/UnsafeNativeMethods.cs#L10

Basically, when legacy asp.net web applications create and encrypt a FormsAuthenticationTicket (using system.web) to produce a cookie, webengine4.dll is used in that process (a windows native library) - and that means this cookie cannot be unencrypted without also using webengine4.dll to decrypt the data contained within it. What happens in "webengine4.dll" is sadly a complete mystery (black box) to me, so this means that this is all tied to windows platforms only - where "webengine4.dll" is available.

Hence, supporting netstandard or netcoreapp won't reallly be possible. Right now this library supports full .net 4.5 only.

If your net core app doesn't need to be cross platform - i.e windows only, then you can stop targeting netcoreapp and target net 45 instead.

[jamlen]

Doh! Yeah my app does need to be cross platform. Basically I have some very legacy systems (.NET 2.0) which are using Forms Authentication Cookies and I want to move the login form into a node.js/passport.js application and have a dotnet core proxy layer so for pages that are still on the old site I need to have a valid cookie. I was hoping that I could write the appropriate cookie in node world and it be valid when accessing the legacy... doesn't sound like it!

[dazinator]

Yeah unfortunately I don't think you will be able to decrypt or encrypt a legacy FormsAuthenticationTicket without "webengine4" dll which AFAIK is native to windows. If we could figure out how to replace that assembly (specifically the methods that I linked) then all things would become possible.

I have updated the main README with a note about this to try and make this more clear for anyone stumbling accross this library in future.

[dazinator]

Saying all that.. I wonder how Mono have managed to implement FormsAuthentication if this aspect is windows only.. Something doesn't quite add up there..

https://github.com/mono/mono/blob/master/mcs/class/System.Web/System.Web.Security/FormsAuthentication.cs

[dazinator]

I have a feeling it might be possible to replace webengine4.dll - some promising stuff here: https://github.com/mono/mono/blob/0bcbe39b148bb498742fc68416f8293ccd350fb6/mcs/class/System.Web/System.Web.Util/MachineKeySectionUtils.cs

I won't have time to investigate any further though.

[jamlen]

Thanks @dazinator I'll have a poke around.

[dazinator]

@jamlen - you might be interested in PR #2

[jamlen]

@dazinator cheers, I'll take a look and see if it works!

[PaddoSwam]

I've covered atleast the AES encryption SHA1 validation use case, will investigate further @jamlen do give a shoutout if you run into any problems!

[dazinator]

Have accepted this PR now. I'll get to work on the appveyor build and nuget release.

[dazinator]

I have manually released a new NuGet package for now, as AppVeyor doesn't really support VS2017 builds yet. NuGet package is here: https://www.nuget.org/packages/AspNetCore.LegacyAuthCookieCompat/1.0.2