gumbarros
commented
11 months ago @aabdellah did you solved your problem?
Open aabdellah opened 1 year ago
gumbarros
commented
11 months ago @aabdellah did you solved your problem?
aabdellah
commented
11 months ago Yes, by using a modified version of aspnetcrypter.
To make it work with keys from web.config using SHA1 validation and Auto encryption options, you have to replace GuessCryptoAlgorithmFactory with the following:
private class DefaultCryptoAlgorithmFactory : ICryptoAlgorithmFactory
{
public SymmetricAlgorithm GetEncryptionAlgorithm()
{
return CryptoAlgorithms.CreateAes();
}
public KeyedHashAlgorithm GetValidationAlgorithm()
{
return CryptoAlgorithms.CreateHMACSHA256();
}
}And then use initialize the decryptor with the following:
decryptor = new AspNetDecryptor(new Purpose("FormsAuthentication.Ticket"), new CryptographicKey(encryptionKey), new CryptographicKey(validationKey), false);
gumbarros
commented
11 months ago thanks @aabdellah , I solved not using Auto encryption
Hello,
I receive the following exception when trying to decrypt a cookie using the default generated keys from IIS Manager: "Signature verification failed"
From the UI of IIS Manager, the selected validation method is SHA1, and the encryption method is Auto. below is the generated web.config:
`<?xml version="1.0" encoding="UTF-8"?>
`
I'm using the following parameters to decrypt a cookie:
var decryptor = new LegacyFormsAuthenticationTicketEncryptor( HexUtils.HexToBinary("00C96CD92F741B6E4C402F6BEFC682546DE43DC837EBDCA9"), HexUtils.HexToBinary("2FF8E2B905FC0D8B47F99B3B719817112F35078669ADB20075B4F4039AAE89BF7F44F2F3477A2F099174893914A3D6437D2E1F3D09C84B0059BD4421410E276A"), ShaVersion.Sha1 );Is there anything wrong from my end to get that exception?