Click here to Skip to main content
12,559,073 members (37,027 online)
Click here to Skip to main content


111 bookmarked

HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0

, 3 Apr 2006 Ms-PL
Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection.
using System;
using System.Web;
using System.Web.Security;
using System.Reflection;

namespace AdamTibi.Web.Security {

    /// <summary>
    /// A wrapper arroud System.Web.Security.CookieProtectionHelper internal class
    /// </summary>
    public static class CookieProtectionHelperWrapper {

        private static MethodInfo _encode;
        private static MethodInfo _decode;

        /// <summary>
        /// Constructor
        /// </summary>
        static CookieProtectionHelperWrapper() {
            // obtaining a reference to System.Web assembly
            Assembly systemWeb = typeof(HttpContext).Assembly;
            if (systemWeb == null) {
                throw new InvalidOperationException("Unable to load System.Web.");
            // obtaining a reference to the internal class CookieProtectionHelper
            Type cookieProtectionHelper = systemWeb.GetType("System.Web.Security.CookieProtectionHelper");
            if (cookieProtectionHelper == null) {
                throw new InvalidOperationException("Unable to get the internal class System.Web.Security.CookieProtectionHelper.");
            // obtaining references to the methods of CookieProtectionHelper class
            _encode = cookieProtectionHelper.GetMethod("Encode", BindingFlags.NonPublic | BindingFlags.Static);
            _decode = cookieProtectionHelper.GetMethod("Decode", BindingFlags.NonPublic | BindingFlags.Static);

            if (_encode == null || _decode == null) {
                throw new InvalidOperationException("Unable to get the methods to invoke.");

        /// <summary>
        /// Wrapper arround CookieProtectionHelper.Encode
        /// </summary>
        /// <param name="cookieProtection">Protection Type</param>
        /// <param name="buf">Bytes buffer to encode</param>
        /// <param name="count">The number of bytes in the buffer</param>
        /// <returns>Encoded text</returns>
        public static string Encode(CookieProtection cookieProtection, byte[] buf, int count) {
            return (string)_encode.Invoke(null, new object[] { cookieProtection, buf, count });

        /// <summary>
        /// Wrapper arround CookieProtectionHelper.Decode
        /// </summary>
        /// <param name="cookieProtection">Protection Type</param>
        /// <param name="data">String to decode</param>
        /// <returns>Decoded bytes</returns>
        public static byte[] Decode(CookieProtection cookieProtection, string data) {
            return (byte[])_decode.Invoke(null, new object[] { cookieProtection, data });



By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.


This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


About the Author

Adam Tibi
United Kingdom United Kingdom
Passionate about refining software practices, promoting self-motivated teams and orchestrating agile projects that hit the deadline.
Lives in London, UK and works as a .NET architect consultant in the City.

Need a pro service to help your organisation? Contact me via my website

You may also be interested in...

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.161026.1 | Last Updated 3 Apr 2006
Article Copyright 2006 by Adam Tibi
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid