A library to decrypt Forms Authentication cookies on the .NET Core runtime. Typically these cookies are created on older/legacy ASP.NET applications running .NET Framework, but may need to be decrypted/validated in a cloud or serverless context running .NET Core, e.g. AWS Lambda.
-
At the time of writing, .NET Core 2.1 does not include the APIs for decrypting FormsAuthentication cookies. However, Microsoft has open-sourced .NET Framework, allowing us to easily port the code to .NET Core.
-
This version supports AES (for decryption) and HMAC256/384/512 (hashing).
-
It can decode Forms Auth cookies created for MachineKeyCompatibilityMode.Framework45 and above.
- For cookies created on Framework20SP1 or Framework20SP2, see https://www.nuget.org/packages/AspNetCore.LegacyAuthCookieCompat/
-
The code is unchanged from the original version except:
- Unused methods removed
- Removed code for encryption - e.g. NetFXCryptService.Protect(...) method - leaving only decryption code
- Some comments removed
-
The code has been released by Microsoft under the MIT license.