FormsAuthentication to PHP

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Kim André Akerø
    #1

    FormsAuthentication to PHP

    I'm trying to make my PHP scripts communicate with a ASP.NET based
    authentication solution.

    I have $_COOKIE["FormsAuth"], but it's encrypted using the
    FormsAuthentica tion.Encrypt method.

    This is the example code showing the encryption:
    http://dev.bd0.net/test/formsauth.txt


    Is there a way to decrypt this cookie using PHP?

    Here's an overview of FormsAuthentica tion methods in ASP.NET for those
    who are curious:
    <http://msdn2.microsoft.com/en-us/lib...ity.formsauthe
    ntication_metho ds.aspx>

    --
    Kim André Akerø
    - kimandre@NOSPAM betadome.com
    (remove NOSPAM to contact me directly)
    Tags: None
    • Jerry Stuckle
      #2
      Re: FormsAuthentica tion to PHP

      Kim André Akerø wrote:
      I'm trying to make my PHP scripts communicate with a ASP.NET based
      authentication solution.
      >
      I have $_COOKIE["FormsAuth"], but it's encrypted using the
      FormsAuthentica tion.Encrypt method.
      >
      This is the example code showing the encryption:
      http://dev.bd0.net/test/formsauth.txt

      >
      Is there a way to decrypt this cookie using PHP?
      >
      Here's an overview of FormsAuthentica tion methods in ASP.NET for those
      who are curious:
      <http://msdn2.microsoft.com/en-us/lib...ity.formsauthe
      ntication_metho ds.aspx>
      >
      Hi, Kim,

      If you knew the algorithm they used for doing the encryption you could.
      But without that you don't stand much chance. And unfortunately, I
      don't seen any of the gory details on that page.

      I did a quick google search to see if I could come up with anything
      about how they do it, but didn't find anything. I guess someone would
      have to reverse engineer the code - which would be difficult, but not
      impossible.

      --
      =============== ===
      Remove the "x" from my email address
      Jerry Stuckle
      JDS Computer Training Corp.
      jstucklex@attgl obal.net
      =============== ===

        Comment

        • NC
          #3
          Re: FormsAuthentica tion to PHP

          Kim André Akerø wrote:
          >
          I'm trying to make my PHP scripts communicate with
          a ASP.NET based authentication solution.
          >
          I have $_COOKIE["FormsAuth"], but it's encrypted using
          the FormsAuthentica tion.Encrypt method.
          FormsAuthentica tion.Encrypt produces a serialized
          FormsAuthentica tionTicket object...
          Is there a way to decrypt this cookie using PHP?
          Yes, but only on Windows. You'll have to define a COM or a DOTNET
          object and decrypt the cookie the Windows way, using
          FormsAuthentica tion.Decrypt...

          A much simpler solution would be to tweak with the ASP.Net code and
          have it explicitly set cookies based on FormsAuthentica tionTicket
          properties (CookiePath, Expiration, Expired, IsPersistent, IssueDate,
          Name, UserData, Version). Something along these lines:

          Dim cookie As HttpCookie
          cookie = New HttpCookie("Exp iration")
          cookie.Value = authTicket.Expi ration.ToString
          Response.Cookie s.Add(cookie)

          Then, instead of dealing with the serialized object in
          $_COOKIE["FormsAuth"], you would be dealing with plain and simple
          $_COOKIE['Expiration'].

          My guess is that about the only value you really need is Expiration...

          Cheers,
          NC

            Comment

            Previous template Next
            Working...