Click here to Skip to main content
15,896,456 members
Search within:


Articles / Web Development / ASP.NET
 

HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0

Rate me:
Please Sign up or sign in to vote.
4.90/5 (38 votes)
3 Apr 2006Ms-PL4 min read 525.7K   4.3K   112  
Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection
 
using System;
using System.Web.Security;
using System.Text;

namespace AdamTibi.Web.Security {
    
    /// <summary>
    /// A class to encode, decode and validate strings based on the MachineKey
    /// </summary>
    public static class MachineKeyCryptography {

        /// <summary>
        /// Encodes a string and protects it from tampering
        /// </summary>
        /// <param name="text">String to encode</param>
        /// <returns>Encoded string</returns>
        public static string Encode(string text) {
            return Encode(text, CookieProtection.All);
        }

        /// <summary>
        /// Encodes a string
        /// </summary>
        /// <param name="text">String to encode</param>
        /// <param name="cookieProtection">The method in which the string is protected</param>
        /// <returns></returns>
        public static string Encode(string text, CookieProtection cookieProtection) {
            if (string.IsNullOrEmpty(text) || cookieProtection == CookieProtection.None) {
                return text;
            }
            byte[] buf = Encoding.UTF8.GetBytes(text);
            return CookieProtectionHelperWrapper.Encode(cookieProtection, buf, buf.Length); 
        }

        /// <summary>
        /// Decodes a string and returns null if the string is tampered
        /// </summary>
        /// <param name="text">String to decode</param>
        /// <returns>The decoded string or throws InvalidCypherTextException if tampered with</returns>
        public static string Decode(string text) {
            return Decode(text, CookieProtection.All);
        }

        /// <summary>
        /// Decodes a string
        /// </summary>
        /// <param name="text">String to decode</param>
        /// <param name="cookieProtection">The method in which the string is protected</param>
        /// <returns>The decoded string or throws InvalidCypherTextException if tampered with</returns>
        public static string Decode(string text, CookieProtection cookieProtection) {
            if (string.IsNullOrEmpty(text)) {
                return text;
            }
            byte[] buf;
            try {
                buf = CookieProtectionHelperWrapper.Decode(cookieProtection, text);
            }
            catch(Exception ex) {
                throw new InvalidCypherTextException("Unable to decode the text", ex.InnerException);
            }
            if (buf == null || buf.Length == 0) {
                throw new InvalidCypherTextException("Unable to decode the text");
            }
            return Encoding.UTF8.GetString(buf, 0, buf.Length);
        }
    }
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


Written By
Adam Tibi
Architect
United Kingdom United Kingdom
Passionate about refining software practices, promoting self-motivated teams and orchestrating agile projects.
Lives in London, UK and works as a .NET architect consultant in the City.

Blog AdamTibi.net.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 3 Apr 2006

Article Copyright 2006 by Adam Tibi
Everything else Copyright © CodeProject, 1999-2024

Web04 2.8:2024-04-02:1