
Customize the cookie value in MVC5 ASP.NET Identity

I am in the process of changing our authentication implementation to use MVC5 ASP.NET Identity with Owin.

However, we need to integrate our sign-in with other linked applications and websites on the same domain. We currently do this by sharing the cookie between applications across a number of subdomains. The cookie is in a very specific format and encryption algorithm that a variety of applications and technologies (i.e. not all are in .NET or on the same server) can use.

I have found that in the App_Start ConfigureAuth.cs you can set the app.UseCookieAuthentication to specify things like the cookie name and the subdomain of the cookie (e.g. ASP.NET Identity Cookie across subdomains).

This is a very good start, but I also need to change the actual value of the cookie to be a specific format and encryption algorithm.

Does anyone know how to customize the value and encryption type used to create and read the cookie?

Thanks for any help, Saan

Saan asked Feb 10 '14 13:02


1 Answer

The CookieAuthenticationOptions class has a property called TicketDataFormat which is meant for this purpose. You can implement a custom ISecureDataFormat object and achieve this. A default has been assigned for this TicketDataFormat if you have not overridden this.

using System.Security.Claims;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// In Startup.ConfigureAuth(IAppBuilder app):
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    TicketDataFormat = new MyCustomSecureDataFormat()
});

public class MyCustomSecureDataFormat : ISecureDataFormat<AuthenticationTicket>
{
    // Not used by the methods below.
    private static AuthenticationTicket savedTicket;

    public string Protect(AuthenticationTicket ticket)
    {
        // The ticket value serialized here will be the cookie that is sent. Encryption stage.
        // Make any changes you wish to the ticket.
        ticket.Identity.AddClaim(new Claim("Myprotectionmethod", "true"));
        // MySerializeAndEncryptedStringMethod is a placeholder for your own implementation.
        return MySerializeAndEncryptedStringMethod(ticket);
    }

    public AuthenticationTicket Unprotect(string cookieValue)
    {
        // Invoked every time a cookie string is converted to an AuthenticationTicket.
        // MyDecryptAndDeserializeStringMethod is a placeholder for your own implementation.
        return MyDecryptAndDeserializeStringMethod(cookieValue);
    }
}

Praburaj answered Sep 21 '22 19:09
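
One way the two placeholder methods in the answer above could be filled in, as an added example that is not part of the original answer or of the OWIN project's own code. The class name `SharedCookieFormat`, the wire layout, the 20-minute fallback expiry and the `"ApplicationCookie"` authentication type are assumptions for illustration; it targets .NET Framework 4.6+ with a C# 7 compiler and uses encrypt-then-MAC (AES-256-CBC plus HMAC-SHA256) so that a tampered cookie is rejected before any decryption happens.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler.Encoder;
// Assumed wire format: base64url( IV[16] || AES-256-CBC ciphertext || HMAC-SHA256[32] ),
// with plaintext "<unix expiry seconds>|<user name>" in UTF-8. Other claims are not carried.
public sealed class SharedCookieFormat : ISecureDataFormat<AuthenticationTicket>
{
    private readonly byte[] _encKey, _macKey; // two independent 32-byte keys shared by all apps
    public SharedCookieFormat(byte[] encKey, byte[] macKey) { _encKey = encKey; _macKey = macKey; }
    private byte[] Mac(byte[] b) { using (var h = new HMACSHA256(_macKey)) return h.ComputeHash(b); }
    public string Protect(AuthenticationTicket ticket)
    {
        // Fallback lifetime is an assumption; the cookie middleware normally sets ExpiresUtc.
        long exp = (ticket.Properties.ExpiresUtc ?? DateTimeOffset.UtcNow.AddMinutes(20)).ToUnixTimeSeconds();
        byte[] plain = Encoding.UTF8.GetBytes(exp + "|" + ticket.Identity.Name);
        using (var aes = Aes.Create())
        {
            aes.Key = _encKey; // CBC + PKCS7 are the defaults; a fresh random IV is used per cookie
            byte[] body;
            using (var enc = aes.CreateEncryptor())
                body = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
            return TextEncodings.Base64Url.Encode(body.Concat(Mac(body)).ToArray());
        }
    }

    public AuthenticationTicket Unprotect(string cookieValue)
    {
        try
        {
            byte[] raw = TextEncodings.Base64Url.Decode(cookieValue);
            if (raw.Length < 64) return null; // IV + at least one block + MAC
            byte[] body = raw.Take(raw.Length - 32).ToArray(), mac = Mac(body);
            int diff = 0; // verify the MAC before decrypting, with no early exit on mismatch
            for (int i = 0; i < 32; i++) diff |= mac[i] ^ raw[body.Length + i];
            if (diff != 0) return null;
            byte[] plain;
            using (var aes = Aes.Create())
            using (var dec = aes.CreateDecryptor(_encKey, body.Take(16).ToArray()))
                plain = dec.TransformFinalBlock(body, 16, body.Length - 16);
            string[] p = Encoding.UTF8.GetString(plain).Split(new[] { '|' }, 2);
            if (p.Length != 2 || !long.TryParse(p[0], out long exp) || exp <= DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return null;
            var id = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, p[1]) }, "ApplicationCookie");
            return new AuthenticationTicket(id, new AuthenticationProperties { ExpiresUtc = DateTimeOffset.FromUnixTimeSeconds(exp) });
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException) { return null; }
    }
}
```

Assign it with `TicketDataFormat = new SharedCookieFormat(encKey, macKey)`, loading both keys from protected configuration rather than source. Because this format round-trips only the user name and expiry, any other claim the applications rely on has to be added to the plaintext layout on every platform that reads the cookie.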