aspxauth
Note: There are many variables, flags, and version-specific considerations for how .NET generates the .aspxauth
cookie. This library works for our needs using older versions of the .NET framework. Your milage may vary.
Provides utilities to assist in generating, validating and decrypting .NET authorization tickets (usually set in the .ASPXAUTH cookie) for interoperation with .NET authentication.
Setup
The module must be initialized with configuration that corresponds to your .NET configuration and the machine key used to generate the auth ticket.
validationMethod
(string): (default "sha1")validationKey
(string): hex encoded key to use for signature validationdecryptionMethod
(string): (default "aes")decryptionIV
(string): hex encoded initialization vector (defaults to a vector of zeros)decryptionKey
(string): hex encoded key to use for decryptionticketVersion
(integer): if specified then will be used to validate the ticket versionvalidateExpiration
(bool): (defaulttrue
) if false then decrypted tickets will be returned even if past their expirationencryptAsBuffer
(bool): (defaultfalse
) if true, encrypt will return a buffer rather than a hex encoded stringdefaultTTL
(integer): (default 24hrs) if provided is used as milliseconds fromissueDate
to expire generated ticketsdefaultPersistent
(bool): (defaultfalse
) if provided is used as defaultisPersistent
value for generated ticketsdefaultCookiePath
(string): (default "/") if provided is used as defaultcookiePath
for generated tickets
// Configurevar aspxauth = validationMethod: "sha1" validationKey: processenvDOTNET_VALIDATION_KEY decryptionMethod: "aes" decryptionIV: processenvDOTNET_DECRYPTION_IV decryptionKey: processenvDOTNET_DECRYPTION_KEY ; // Generate encrypted cookievar encryptedCookieValue = aspxauth; // Decrypt an existing cookievar authTicket = aspxauth;
Supported validation methods
- sha1
Supported decryption methods
- aes