The Anatomy of Forms Authentication

, 14 Mar 2008 CPOL
In this article, I will attempt to explain in “gory” technical detail how Forms Authentication works
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;

namespace GSS.Web.Security
{
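    /// <summary>
    /// Forms Authentication settings read from <c>Properties.Settings.Default</c>: the signing and
    /// encryption keys, the algorithm names, the page URLs, the cookie lifetime and the log path.
    /// Also builds the cipher transform and the HMAC that the ticket code uses.
    /// </summary>
    class FormsAuthConfig
    {
        // Secret material. Both keys arrive as hex strings in configuration, so the configuration
        // store is as sensitive as the keys themselves.
        private byte[] _validationKey = null;   // HMAC key (signs tickets)
        private byte[] _encryptionKey = null;   // symmetric key (encrypts tickets)

        // NOTE(review): these are public mutable fields and therefore part of this class's interface.
        // They are left public for compatibility with existing callers; new code should read the
        // properties below instead of touching the fields.
        public string _encryptionAlgorithm = string.Empty;  // "AES" or "3DES"
        public string _hmacHashAlgorithm = string.Empty;    // "SHA1", "SHA256", "MD5" (or legacy "3DES")
        public string _defaultPage = string.Empty;
        public string _logonPage = string.Empty;
        public int _cookieTimeOut = -1;
        private string _logPath = string.Empty;

        /// <summary>Cookie lifetime as configured; -1 is the field's default before settings are read.</summary>
        public int CookieTimeOut
        {
            get { return _cookieTimeOut; }
        }

        /// <summary>URL of the logon page as configured.</summary>
        public string LogonPage
        {
            get { return _logonPage; }
        }

        /// <summary>URL of the default page as configured.</summary>
        public string DefaultPage
        {
            get { return _defaultPage; }
        }

        /// <summary>Log file path as configured.</summary>
        public string LogPath
        {
            get { return _logPath; }
        }

        /// <summary>
        /// Reads every setting from <c>Properties.Settings.Default</c>.
        /// </summary>
        /// <remarks>
        /// Any exception from the settings provider or from <c>Utils.HexStringToByteArray</c>
        /// propagates unchanged (the former <c>catch { throw; }</c> wrapper was a no-op).
        /// </remarks>
        public FormsAuthConfig()
        {
            _validationKey = Utils.HexStringToByteArray(Properties.Settings.Default.ValidationKey);
            _encryptionKey = Utils.HexStringToByteArray(Properties.Settings.Default.EncryptionKey);
            _encryptionAlgorithm = Properties.Settings.Default.EncryptionAlg;
            _hmacHashAlgorithm = Properties.Settings.Default.HmacAlg;
            _defaultPage = Properties.Settings.Default.DefaultPage;
            _logonPage = Properties.Settings.Default.LogonPage;
            _cookieTimeOut = Properties.Settings.Default.CookieTimeOut;
            _logPath = Properties.Settings.Default.LogPath;
        }

        /// <summary>
        /// Get the appropriate cryptographic transform based on the configuration settings.
        /// </summary>
        /// <param name="forDecryption">true if the transform is going to be used for decryption, false if for encryption</param>
        /// <returns>A transform keyed with the configured encryption key; the caller owns it and should dispose it.</returns>
        /// <exception cref="ApplicationException">The configured encryption algorithm is not "AES" or "3DES".</exception>
        /// <exception cref="ArgumentNullException">No encryption key was configured.</exception>
        /// <exception cref="CryptographicException">The configured key has an invalid size for the algorithm.</exception>
        /// <remarks>
        /// SECURITY: the IV is fixed at all-zero (see <see cref="ZeroIV"/>), so encryption is deterministic:
        /// two tickets with the same plaintext produce the same ciphertext, and in the default CBC mode a
        /// shared plaintext prefix is visible in the ciphertext. A random IV would fix this, but the IV would
        /// then have to travel inside the ticket, which changes the ticket format and invalidates tickets
        /// issued by the existing code, so the behaviour is kept and flagged here rather than changed.
        /// Whether the ciphertext is authenticated (encrypt-then-MAC) is decided by the caller, not here.
        /// <c>RijndaelManaged</c> and <c>TripleDESCryptoServiceProvider</c> are marked obsolete on
        /// current .NET; <c>Aes.Create()</c> / <c>TripleDES.Create()</c> are the replacements.
        /// </remarks>
        public ICryptoTransform GetTransform(bool forDecryption)
        {
            switch (_encryptionAlgorithm)
            {
                case "AES":
                    // The transform copies the key material, so the algorithm object can be disposed here.
                    using (RijndaelManaged aes = new RijndaelManaged())
                    {
                        aes.Key = _encryptionKey;
                        aes.IV = ZeroIV(aes);
                        return forDecryption ? aes.CreateDecryptor() : aes.CreateEncryptor();
                    }
                case "3DES":
                    using (TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider())
                    {
                        des.Key = _encryptionKey;
                        des.IV = ZeroIV(des);
                        return forDecryption ? des.CreateDecryptor() : des.CreateEncryptor();
                    }
                default:
                    throw new ApplicationException("Configuration Invalid");
            }
        }

        /// <summary>
        /// Builds the all-zero IV (one block long) that the existing ticket format depends on.
        /// The original code generated a random IV and then overwrote it with zeros; the random
        /// generation was wasted work and is dropped, the zero IV is preserved.
        /// </summary>
        /// <param name="algorithm">Algorithm whose block size determines the IV length.</param>
        /// <returns>A zero-filled array of <c>BlockSize / 8</c> bytes.</returns>
        private static byte[] ZeroIV(SymmetricAlgorithm algorithm)
        {
            return new byte[algorithm.BlockSize / 8];
        }

        /// <summary>
        /// Creates the HMAC named by the configuration, keyed with the validation key.
        /// Shared by both <see cref="ComputeHash(byte[])"/> overloads.
        /// </summary>
        /// <returns>A new, keyed HMAC instance; the caller disposes it.</returns>
        /// <exception cref="ApplicationException">The configured HMAC algorithm is not recognised.</exception>
        /// <exception cref="ArgumentNullException">No validation key was configured.</exception>
        /// <remarks>
        /// The value "3DES" for an HMAC algorithm looks like a copy-paste from the encryption switch
        /// (3DES is a cipher, not a hash); it is kept so existing configuration keeps working, and
        /// "MD5" is accepted as the honest spelling of the same choice. HMAC-MD5 and HMAC-SHA1 are
        /// still keyed MACs, but "SHA256" is the recommended setting for new deployments. Switching the
        /// algorithm changes the signature length (16 / 20 / 32 bytes), so any caller that assumes a
        /// fixed length must be checked before changing the setting.
        /// </remarks>
        private HMAC CreateHmac()
        {
            switch (_hmacHashAlgorithm)
            {
                case "SHA1":
                    return new HMACSHA1(_validationKey);
                case "SHA256":
                    return new HMACSHA256(_validationKey);
                case "MD5":
                case "3DES":    // legacy label, same algorithm as "MD5"
                    return new HMACMD5(_validationKey);
                default:
                    throw new ApplicationException("Configuration Invalid");
            }
        }

        /// <summary>
        /// Computes the HMAC signature of <paramref name="bytes"/> based on the configuration settings.
        /// </summary>
        /// <param name="bytes">the bytes to sign</param>
        /// <returns>The raw HMAC value (16, 20 or 32 bytes depending on the configured algorithm).</returns>
        /// <exception cref="ApplicationException">The configured HMAC algorithm is not recognised.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="bytes"/> or the validation key is null.</exception>
        /// <remarks>
        /// When the result is compared against a signature received from the client, the caller should
        /// use a fixed-time comparison rather than an early-exit byte loop.
        /// </remarks>
        public byte[] ComputeHash(byte[] bytes)
        {
            using (HMAC hmac = CreateHmac())
            {
                return hmac.ComputeHash(bytes);
            }
        }

        /// <summary>
        /// Computes the HMAC signature of a slice of <paramref name="bytes"/> based on the configuration settings.
        /// </summary>
        /// <param name="bytes">bytes to sign</param>
        /// <param name="offSet">index of the first byte to sign</param>
        /// <param name="count">number of bytes to sign</param>
        /// <returns>The raw HMAC value (16, 20 or 32 bytes depending on the configured algorithm).</returns>
        /// <exception cref="ApplicationException">The configured HMAC algorithm is not recognised.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="bytes"/> or the validation key is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="offSet"/> / <paramref name="count"/> do not fit in <paramref name="bytes"/>.</exception>
        public byte[] ComputeHash(byte[] bytes, int offSet, int count)
        {
            using (HMAC hmac = CreateHmac())
            {
                return hmac.ComputeHash(bytes, offSet, count);
            }
        }
    }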
}


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
