Hello, as the title says, I'm trying to pass my cookie between pages, but I need to encrypt it, and on a specific page (Home.aspx) I need to decrypt it. Does anyone have any idea how to?
My Code so far, Login.aspx:
HttpCookie UserCookie = new HttpCookie("Login");
UserCookie.Value = txtUsername.Text;
UserCookie.Expires = DateTime.Now.AddHours(2);
Response.Cookies.Add(UserCookie);
If the cookie was sent in plain-text, then the user could just edit the values, exposing a glaring security hole in the application. The ASP.NET Core data-protection system is used for exactly this purpose. It encrypts and decrypts sensitive data such as the authentication cookie.
Decrypt the key of the cookie: do Base64 decoding, then decrypt it using your institution's private RSA key. Decrypt the data using the decrypted AES key. Check the digest using secutix public certificate. The following example in Java will show you how to proceed.
Cookies are small text files that hold values within the browser. As cookies are stored in a plain text file, it is very easy to read and modify the content of the cookies. However, you can encrypt and decrypt cookies to provide some security.
Encrypting the value of the cookie is a good way to mitigate this risk. If the value has encryption the client can't know what it means. This prevents attackers from sniffing cookie values and crafting attacks on the server. The encryption you use can be a one-way lookup of the cookie value.
I had to change LGSon's answer slightly so it worked for me.
Convert.ToBase64String(MachineKey.Protect(Encoding.UTF8.GetBytes("your cookie value")))
Encoding.UTF8.GetString(MachineKey.Unprotect(Convert.FromBase64String("your cookie value")))
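
The Protect/Unprotect calls from the answer above, applied to the question's "Login" cookie on both pages, as an added example that is not part of the original posts. The LoginCookie class, its method names and the purpose string are assumptions; it needs .NET Framework 4.5 or later with System.Web.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the original posts) wrapping MachineKey for the "Login" cookie.
public static class LoginCookie
{
    private const string CookieName = "Login";        // cookie name used in the question
    private const string Purpose = "LoginCookie.v1";  // assumed purpose string; must match on both sides

    // Login.aspx: call with txtUsername.Text after the credentials have been verified.
    public static void Write(HttpResponse response, string username)
    {
        byte[] protectedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(username), Purpose);
        var cookie = new HttpCookie(CookieName, Convert.ToBase64String(protectedBytes))
        {
            Expires = DateTime.Now.AddHours(2),
            HttpOnly = true,   // not readable from page script
            Secure = true      // sent over HTTPS only
        };
        response.Cookies.Add(cookie);
    }

    // Home.aspx: returns the username, or null when the cookie is absent, malformed or modified.
    public static string Read(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            byte[] raw = Convert.FromBase64String(cookie.Value);
            return Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose));
        }
        catch (FormatException)          // value is not valid Base64
        {
            return null;
        }
        catch (CryptographicException)   // integrity check failed, or wrong key or purpose
        {
            return null;
        }
    }
}
```

A null result from Read should be handled as "not logged in". On a web farm, every server needs the same machineKey configuration for Unprotect to succeed.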