Skip to content

Instantly share code, notes, and snippets.

View qJake's full-sized avatar

Jake Burgy qJake

View GitHub Profile
dazinator / FormsAuthenticationTicketHelper.cs
Last active December 27, 2023 09:46
Decrypt a Legacy ASP.NET Forms Authentication Cookie (that uses SHA1 validation, and AES encryption) - without horrendous dependencies on system.web.. This allows you to decrypt a forms authentication cookie that was created in ASP.NET 3.5, from an ASP.NET 5 application.
internal static class FormsAuthenticationTicketHelper
private const byte CURRENT_TICKET_SERIALIZED_VERSION = 0x01;
private const int MAX_TICKET_LENGTH = 4096;
// Resurrects a FormsAuthenticationTicket from its serialized blob representation.
// The input blob must be unsigned and unencrypted. This function returns null if
// the serialized ticket format is invalid. The caller must also verify that the
// ticket is still valid, as this method doesn't check expiration.