I heard that the forms auth cookie is digitally signed, so I would like to know in detail what a digitally signed cookie means. What technique does ASP.NET use to digitally sign a cookie?
Suppose I want to digitally sign my own cookie; what steps do I need to follow?
Where is the salt keyword stored that the ASP.NET engine uses to encrypt the forms auth cookie?
Can we change that salt keyword?
Please see the code below for forms auth cookie generation:
    // build the ticket: version, user name, issue time, expiry, persistence flag, user data
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1, userName, DateTime.Now, DateTime.Now.AddDays(90), createPersistentCookie, string.Empty);

    // add cookie to response stream
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    System.Web.HttpCookie authCookie =
        new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    if (authTicket.IsPersistent)
    {
        authCookie.Expires = authTicket.Expiration;
    }
    System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);
I heard that the user name is stored in the forms auth cookie as a hash value, but if you look at the code above you can see that the whole auth ticket is encrypted and stored in the cookie.
Where is the hash generated?
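What "digitally signed" means in practice, as an added C# example rather than ASP.NET's own FormsAuthentication code: the cookie value carries a payload plus an HMAC computed with a server-side secret, and the server recomputes the HMAC on every request before trusting anything in it. The key string and the '|'-separated field layout are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example (not ASP.NET's own FormsAuthentication code): a minimal HMAC-signed cookie.
// The key is a constructed placeholder; a real app loads it from configuration (machineKey).
public static class SignedCookie
{
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("CONSTRUCTED-DEMO-KEY-replace-me");
    // Build "base64(payload).base64(HMAC-SHA256(payload))"; the payload mirrors the
    // ticket fields the question's code passes in: user name and absolute UTC expiry.
    public static string Issue(string userName, DateTime expiresUtc)
    {
        byte[] data = Encoding.UTF8.GetBytes(userName + "|" + expiresUtc.Ticks);
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }
    // Returns the user name if the MAC is valid and the ticket is unexpired, otherwise null.
    public static string Validate(string cookieValue, DateTime nowUtc)
    {
        int dot = cookieValue.LastIndexOf('.');
        if (dot < 0) return null;
        byte[] data, mac;
        try
        {
            data = Convert.FromBase64String(cookieValue.Substring(0, dot));
            mac = Convert.FromBase64String(cookieValue.Substring(dot + 1));
        }
        catch (FormatException) { return null; }
        byte[] expected;
        using (var hmac = new HMACSHA256(Key)) { expected = hmac.ComputeHash(data); }
        if (!FixedTimeEquals(expected, mac)) return null;  // forged or tampered: reject before parsing
        string[] parts = Encoding.UTF8.GetString(data).Split('|');
        long ticks;
        if (parts.Length != 2 || !long.TryParse(parts[1], out ticks)) return null;
        if (new DateTime(ticks, DateTimeKind.Utc) <= nowUtc) return null;  // expired
        return parts[0];
    }
    // Constant-time comparison so timing does not reveal how many MAC bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Signing alone keeps the payload readable (the user name is plain base64 here), which is why ASP.NET additionally encrypts the ticket; both the validationKey used for the MAC and the decryptionKey can be set explicitly in the machineKey element of web.config.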