-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathFormsAuthenticationCryptor.cs
131 lines (106 loc) · 5.3 KB
/
FormsAuthenticationCryptor.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
using Synercoding.FormsAuthentication.Encryption;
using System;
using System.IO;
namespace Synercoding.FormsAuthentication
{
/// <summary>
///
/// </summary>
/// <remarks>
/// Protect/unprotect logic based upon: https://github.com/Microsoft/referencesource/blob/master/System.Web/Security/FormsAuthenticationTicketSerializer.cs
/// </remarks>
public class FormsAuthenticationCryptor
{
private readonly FormsAuthenticationOptions _options;
public FormsAuthenticationCryptor(FormsAuthenticationOptions options)
{
_options = options;
}
public string Protect(FormsAuthenticationCookie cookie)
{
if (cookie == null)
throw new ArgumentNullException(nameof(cookie));
var unprotectedData = ConvertToBytes(cookie);
var cryptoProvider = AspNetCryptoServiceProvider.GetCryptoServiceProvider(_options);
var cryptoService = cryptoProvider.GetCryptoService();
byte[] protectedData = cryptoService.Protect(unprotectedData);
return CryptoUtil.BinaryToHex(protectedData);
}
public string Protect(FormsAuthenticationTicket ticket)
{
if (ticket == null)
throw new ArgumentNullException(nameof(ticket));
var unprotectedData = FormsAuthenticationTicketSerializer.Serialize(ticket);
var cryptoProvider = AspNetCryptoServiceProvider.GetCryptoServiceProvider(_options);
var cryptoService = cryptoProvider.GetCryptoService();
byte[] protectedData = cryptoService.Protect(unprotectedData);
return CryptoUtil.BinaryToHex(protectedData);
}
public FormsAuthenticationCookie Unprotect(string protectedText)
{
if (protectedText == null)
throw new ArgumentNullException(nameof(protectedText));
var bBlob = CryptoUtil.HexToBinary(protectedText);
var cryptoProvider = AspNetCryptoServiceProvider.GetCryptoServiceProvider(_options);
var cryptoService = cryptoProvider.GetCryptoService();
byte[] unprotectedData = cryptoService.Unprotect(bBlob);
return ConvertToAuthenticationTicket(unprotectedData);
}
private byte[] ConvertToBytes(FormsAuthenticationCookie data)
{
if (data == null)
throw new ArgumentNullException(nameof(data));
using (var ticketBlobStream = new MemoryStream())
using (var ticketWriter = new SerializingBinaryWriter(ticketBlobStream))
{
ticketWriter.Write((byte)1);
ticketWriter.Write(data.Version);
ticketWriter.Write(data.IssuedUtc.Ticks);
ticketWriter.Write((byte)0xfe);
ticketWriter.Write(data.ExpiresUtc.Ticks);
ticketWriter.Write(data.IsPersistent);
ticketWriter.WriteBinaryString(data.UserName ?? "");
ticketWriter.WriteBinaryString(data.UserData ?? "");
ticketWriter.WriteBinaryString(data.CookiePath ?? "");
ticketWriter.Write((byte)0xff);
return ticketBlobStream.ToArray();
}
}
private FormsAuthenticationCookie ConvertToAuthenticationTicket(byte[] data)
{
if (data == null)
throw new ArgumentNullException(nameof(data));
using (var ticketBlobStream = new MemoryStream(data))
using (SerializingBinaryReader ticketReader = new SerializingBinaryReader(ticketBlobStream))
{
byte serializedFormatVersion = ticketReader.ReadByte();
if (serializedFormatVersion != 0x01)
throw new ArgumentException("The data is not in the correct format, first byte must be 0x01.", nameof(data));
byte ticketVersion = ticketReader.ReadByte();
DateTime ticketIssueDateUtc = new DateTime(ticketReader.ReadInt64(), DateTimeKind.Utc);
byte spacer = ticketReader.ReadByte();
if (spacer != 0xFE)
throw new ArgumentException("The data is not in the correct format, tenth byte must be 0xFE.", nameof(data));
DateTime ticketExpirationDateUtc = new DateTime(ticketReader.ReadInt64(), DateTimeKind.Utc);
bool ticketIsPersistent = ticketReader.ReadByte() == 1;
string ticketName = ticketReader.ReadBinaryString();
string ticketUserData = ticketReader.ReadBinaryString();
string ticketCookiePath = ticketReader.ReadBinaryString();
byte footer = ticketReader.ReadByte();
if (footer != 0xFF)
throw new ArgumentException("The data is not in the correct format, footer byte must be 0xFF.", nameof(data));
//create ticket
return new FormsAuthenticationCookie()
{
Version = ticketVersion,
UserName = ticketName,
UserData = ticketUserData,
CookiePath = ticketCookiePath,
IsPersistent = ticketIsPersistent,
IssuedUtc = ticketIssueDateUtc,
ExpiresUtc = ticketExpirationDateUtc
};
}
}
}
}