|
|
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Assembly Name="AdamTibi.Web.Security" %>
<%@ Import Namespace="AdamTibi.Web.Security" %>
<html>
<head runat="server">
</head>
<body>
<%
HttpCookie cookie = new HttpCookie("UserName", "Terminator");
cookie.Expires = DateTime.Now.AddYears(30);
// Encoding the cookie then tamering it before decoding.
HttpCookie encodedCookie = HttpSecureCookie.Encode(cookie, CookieProtection.Validation);
Response.Write("Cookie value after encode with CookieProtection.Validation:<br />" + encodedCookie.Value + "<br /><br />");
// Tampering
encodedCookie.Value = encodedCookie.Value.Replace("X", "Y");
HttpCookie decodedCookie;
try {
decodedCookie = HttpSecureCookie.Decode(encodedCookie, CookieProtection.Validation);
}
catch (InvalidCypherTextException ex) {
Response.Write("unable to decode the cookie: " + ex.Message);
}
// This line will never be reached because the cookie is tampered with.
%>
</body>
</html>
|
By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.
If a file you wish to view isn't highlighted, and is a text file (not binary), please
let us know and we'll add colourisation support for it.
Passionate about refining software practices, promoting self-motivated teams and orchestrating agile projects.
Lives in London, UK and works as a .NET architect consultant in the City.
Blog
AdamTibi.net.
Submit an article or tip