FormsAuthentication to PHP

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I'm trying to make my PHP scripts communicate with a ASP.NET based
authentication solution.

I have $_COOKIE["FormsAuth"], but it's encrypted using the
FormsAuthentication.Encrypt method.

This is the example code showing the encryption:

Is there a way to decrypt this cookie using PHP?

Here's an overview of FormsAuthentication methods in ASP.NET for those
who are curious:

Kim André Akerø
(remove NOSPAM to contact me directly)

Re: FormsAuthentication to PHP

Kim André Akerø wrote:
Quoted text here. Click to load it

Hi, Kim,

If you knew the algorithm they used for doing the encryption you could.  
  But without that you don't stand much chance.  And unfortunately, I  
don't seen any of the gory details on that page.

I did a quick google search to see if I could come up with anything  
about how they do it, but didn't find anything.  I guess someone would  
have to reverse engineer the code - which would be difficult, but not  

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: FormsAuthentication to PHP

Kim André Akerø wrote:
Quoted text here. Click to load it

FormsAuthentication.Encrypt produces a serialized
FormsAuthenticationTicket object...

Quoted text here. Click to load it

Yes, but only on Windows.  You'll have to define a COM or a DOTNET
object and decrypt the cookie the Windows way, using

A much simpler solution would be to tweak with the ASP.Net code and
have it explicitly set cookies based on FormsAuthenticationTicket
properties (CookiePath, Expiration, Expired, IsPersistent, IssueDate,
Name, UserData, Version).  Something along these lines:

Dim cookie As HttpCookie
cookie = New HttpCookie("Expiration")
cookie.Value = authTicket.Expiration.ToString

Then, instead of dealing with the serialized object in
$_COOKIE["FormsAuth"], you would be dealing with plain and simple

My guess is that about the only value you really need is Expiration...


Site Timeline