发表新帖
发表新帖

How to get at contents of Forms Authentication ticket with PHP

后端 未结
关注
3 1684
情话喂你
情话喂你 2021-01-07 11:17

I need to undo the following ASP.Net processes in PHP so I can get at the username and expiration date in a ticket. I\'ve decrypted the 3DES encryption (step 3 below) but I\

相关标签:
3条回答
  • 猫巷女王i
    2021-01-07 11:36

    I've been working it out, and I have managed to get the forms authentication ticket contents in PHP.

    1. Decrypt the ticket with the same key used to encrypt it on the .Net side. For this, I'm using http://www.navioo.com/php/docs/function.mcrypt-encrypt.php.

    2. The decryption adds padding to the end of the string, I remove that.

    3. I'm left with a string with a 20 byte SHA1 hash at the end. Those last 20 bytes (should) match the SHA1 hash of the first part of the string (string length - 20 bytes). I'm still working on this part, trying to figure out how .NET converts a byte array into a single clump of data that can be SHA1 hashed (so I can do the same on the PHP side).

    That's really all there is to it.

    0 讨论(0)
  • 清酒与你
    2021-01-07 11:46

    For anyone else wanting to do this, please note that the AES encryption used by ASP.NET is always of 16-byte block size, i.e. MCRYPT_RIJNDAEL_128 in PHP mcrypt terminology, and uses CBC mode. The key length (32 bytes / 256 bits by ASP.NET default) is determined by PHP from the actual key supplied. Also, the beginning of the decrypted data seems to become corrupted unless the IV is all zeros (i.e. "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0").

    For more information on decoding the data, see: http://www.codeproject.com/KB/aspnet/Forms_Auth_Internals.aspx

    0 讨论(0)
  • 予麋鹿
    2021-01-07 11:57

    I don't think this is possible...

    A few pre-requisite questions:

    • Are you sure you have decrypted the string correctly, with the correct MachineKey value and decryption algorithm? I know ASP.NET 1.0 used 3DES but newer versions generally use AES by default.
    • Why are you accessing this data in the first place? The FormsAuthenticationTicket was not intended to be "broken", and if you were going to access these values from a different language you may consider rolling your own scheme.

    Some noteworthy observations:

    Buried in FormsAuthentication.Decrypt() is a call to UnsafeNativeMethods.CookieAuthParseTicket(...). Here is the signature:

    [DllImport("webengine.dll", CharSet=CharSet.Unicode)]
internal static extern int CookieAuthParseTicket(byte[] pData, int iDataLen, StringBuilder szName, int iNameLen, StringBuilder szData, int iUserDataLen, StringBuilder szPath, int iPathLen, byte[] pBytes, long[] pDates);

    This parses what looks to be a byte array returned from MachineKeySection.HexStringToByteArray() (apparently a function that appears to decode the string using UTF-8) into the individual members of the FormsAuthenticationTicket.

    I can only assume that no matter which decoding method you use (ASCII, UTF-16, etc.) you're not going to get the data back unless you know Microsoft's implementation hidden in this native method.

    MSDN may also offer some help.

    0 讨论(0)
 看不清?
提交回复
热议问题