-1

I've created a Web Forms Application project only to test this case. I'm using the default web template of .NET4 framework without any modifications and 3 buttons and 1 label on the Default.aspx page.

Buttons: btnLogin, btnSetCookie, btnGetCookie

Label: lblCookieInfo

Flow:

  1. Click Login
  2. Click Set Cookie button
  3. Click Get Cookie button

Now, when i click the third button to retrieve the cookie, always throws me an error when reaches the Decrypt method (Invalid value for 'encryptedTicket' parameter). When I try to retrieve the cookie into httpCookie is blank without any value. What am i doing wrong?

protected void btnLogin_Click(object sender, EventArgs e)
{
    FormsAuthentication.SetAuthCookie("myUserName", createPersistentCookie: true);
    Response.Redirect("~/");
}

protected void btnSetCookie_Click(object sender, EventArgs e)
{
    var ticket = new FormsAuthenticationTicket(1,
        "myUserName",
        DateTime.Now,
        DateTime.Now.AddMinutes(10),
        true,
        "data value of cookie",
        FormsAuthentication.FormsCookiePath);

    string encTicket = FormsAuthentication.Encrypt(ticket);

    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
    {
        Expires = ticket.Expiration,
        HttpOnly = true
    };
    btnGetCookie.Enabled = true;

    Response.Cookies.Add(authCookie);
}

protected void btnGetCookie_Click(object sender, EventArgs e)
{
    var httpCookie = Response.Cookies[FormsAuthentication.FormsCookieName];
    lblCookieInfo.Visible = true;
    if (httpCookie == null)
    {
        lblCookieInfo.Text = "Cookie is Null";
        return;
    }

    //Here throws error!
    var decryptedCookie = FormsAuthentication.Decrypt(httpCookie.Value);
    if (decryptedCookie == null)
    {
        lblCookieInfo.Text = "Cookie can't be decrypted.";
        return;
    }

    lblCookieInfo.Text = string.Format("Name: {0}, Is Expired: {1}, Is Persistent: {2}, Expiration: {3}, Path: {4}, User data: {5}", 
        decryptedCookie.Name, decryptedCookie.Expired, 
        decryptedCookie.IsPersistent, decryptedCookie.Expiration, 
        decryptedCookie.CookiePath, decryptedCookie.UserData);
}
Cœur
  • 37,241
  • 25
  • 195
  • 267
CodeArtist
  • 5,534
  • 8
  • 40
  • 65
  • Were you able to determine why this was throwing an exception? I have a similar issue right now I'm having trouble isolating. I notice this code is not checking for an empty cookie value as mentioned here: http://stackoverflow.com/questions/18895746/invalid-value-for-encryptedticket-parameter/24837242#24837242 that may help, but I'm still curious as to why it would be empty? – Matt Klinker Mar 27 '15 at 14:59
  • @mklinker i can't remember right now but i do remember that the problem was ridiculously simple. Is probable to be what you saying. – CodeArtist Mar 27 '15 at 16:07
  • @mklinker please take a look at my answer bellow it may help you... – CodeArtist Mar 27 '15 at 16:16
  • thanks for the followup, I see the additional cookie value check along with the try...catch - I'll do something similar; still wish I really understood the how and why though – Matt Klinker Mar 27 '15 at 18:26

1 Answers1

1

I really don't remember how i solve it but i created the following class. I think the problem was a parameter in FormsAuthenticationTicket(...) function.

public static class EncryptedCookie
{
    public static HttpCookie SetEncryptedCookie(string name, DateTime expiration, bool httpOnly, string userData, string cookiePath)
    {
        var ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, expiration, false, userData, cookiePath);
        string encTicket = FormsAuthentication.Encrypt(ticket);

        var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
        {
            Expires = ticket.Expiration,
            HttpOnly = httpOnly
        };
        return authCookie;
    }

    public static FormsAuthenticationTicket GetEncryptedCookie(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        FormsAuthenticationTicket decryptedCookie;
        try
        {
            decryptedCookie = FormsAuthentication.Decrypt(cookie.Value);
            if (decryptedCookie == null || string.IsNullOrEmpty(decryptedCookie.Name) || decryptedCookie.Expired) return null;
        }
        catch
        {
            return null;
        }
        return decryptedCookie;
    }

    public static void RemoveCookie(string cookieName)
    {
        HttpContext.Current.Request.Cookies.Remove(cookieName);
    }
}
CodeArtist
  • 5,534
  • 8
  • 40
  • 65