First, I want to thank you for this great piece of code.
I've come across it and it works like a charm!
Now, one issue that I've encountered is that when the value of a cookie can't be decrypted, it throws a CryptographicException that is not handled and bubbles up the stack, which crashes the request.
Would you be open to catching exceptions in FormsAuthenticationDataFormat<TData>.Unprotect and return default(TData) on exceptions like it's done in the SecureDataFormat<TData> in ASP.NET Core?
If so, we could also augment the FormsAuthenticationOptions with a property that specifies what to do with the exceptions, like logging, etc...
Let me know what you think, I'll be happy to open a PR if you give me the green light.
Cheers!
Hi there :wave:
First, I want to thank you for this great piece of code. I've come across it and it works like a charm!
Now, one issue that I've encountered is that when the value of a cookie can't be decrypted, it throws a
CryptographicException
that is not handled and bubbles up the stack, which crashes the request.Would you be open to catching exceptions in
FormsAuthenticationDataFormat<TData>.Unprotect
and returndefault(TData)
on exceptions like it's done in theSecureDataFormat<TData>
in ASP.NET Core?If so, we could also augment the
FormsAuthenticationOptions
with a property that specifies what to do with the exceptions, like logging, etc...Let me know what you think, I'll be happy to open a PR if you give me the green light. Cheers!