Works on IIS Express but does not work on IIS 10

synercoder / FormsAuthentication

Enable ASP.NET Core 2 cookies to read old ASP.NET Forms Authentication cookies

MIT License

74 stars 25 forks source link

Works on IIS Express but does not work on IIS 10 #28

Closed ramusbucket closed 3 years ago

ramusbucket commented 3 years ago

I ran your samples from Visual Studio 2019, while they worked with IIS Express. But when I deployed them on IIS on my local machine, decryption in .Net core application seems to be failing - "Error occurred during a cryptographic operation.".

This part seems to be returning null

   if (!CryptoUtil.BuffersAreEqual(
      buffer1: protectedData, buffer1Offset: ivByteCount + encryptedPayloadByteCount, buffer1Count: signatureByteCount,
      buffer2: computedSignature, buffer2Offset: 0, buffer2Count: computedSignature.Length))
  {

      // the computed signature didn't match the incoming signature, which is a sign of payload tampering
      return null;
  }

When I compared cookie generated from IIS Express and IIS, they are of different length. Could that be a problem?

One other thing I have is - I have machine keys generated on IIS which are same as what I'm using in IIS Express, basically, I'm using same keys as in repo samples. Any clue about why it doesn't work on IIS?

ramusbucket commented 3 years ago

This works, if the cookie is created with newest crypto routines (.Net Framework 4.5+).

For this to work, I have to add/update

targetFramework to anything 4.5+ on httpRuntime element
compatibilityMode="Framework45" on MachineKey element

in web.config of Asp.Net Web Forms legacy application

and as I changed this there were errors for Unobtrusive validations which can be resolved by adding (this is optional) <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" /> to appSettings section.

Thank you for this good work @synercoder