Code to Decrypt a Persistent Cookie after the Key has Changed

This topic shows how to decrypt a cookie that was encrypted with an obsolete key. This is not a complete example because many of the details will be specific to your application. You will need to implement a method for storing and retrieving the obsolete keys. If you store more than one obsolete key, then you will need to change the code to try each saved key.

On Error Resume Next

'Try the current key
Dim sUserID
sUserID = auth.GetUserid(enumMSCS_ProfileTicketType)

'If the decryption fails try a stored key
'Use the error code for NTE_BAD_DATA, NTE_BAD_KEY, or NTE_BAD_HASH as required.
If Err.Number = <errcode> Then
   Dim sCookie, sOldEncryptionKey
   sOldEncryptionKey = 'code to retrieve old encryption key
   sCookie = Request.Cookies("MSCSAuth")

   'Clear the first error; Err is not reset by a later successful call
   Err.Clear
   sUserID = auth.GetUseridFromCookieAndKey(sCookie, sOldEncryptionKey)

   'Issue a new ticket only if the old key decrypted the cookie without any error
   If Err.Number = 0 Then
      auth.SetAuthTicket sUserID, bCookieSupport, nTimeWindow
   Else
      'Cookie cannot be decrypted, redirect to force a new login.
   End If
End If

On Error Goto 0
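
The introduction notes that with more than one obsolete key the code must try each saved key. One way to do that, as an added example that is not part of the original topic: GetObsoleteKeys, GetUseridWithObsoleteKeys and ReissueTicketFromObsoleteKey are hypothetical names, and any error raised for a key is treated as a failed decryption instead of matching one specific NTE_ code.

```vbscript
' Added example (not from the original topic). Function and Sub names are hypothetical.

Function GetObsoleteKeys()
   ' Hypothetical: load the saved keys from your application's protected
   ' key store, newest first. Returns an empty array until implemented.
   GetObsoleteKeys = Array()
End Function

' Returns the user ID recovered with the first obsolete key that decrypts
' sCookie, or "" if no saved key works.
Function GetUseridWithObsoleteKeys(auth, sCookie, arrOldKeys)
   Dim i, sResult
   GetUseridWithObsoleteKeys = ""
   If Len(sCookie) = 0 Then Exit Function

   On Error Resume Next
   For i = LBound(arrOldKeys) To UBound(arrOldKeys)
      ' Reset state so a failure with the previous key cannot leak into this attempt.
      Err.Clear
      sResult = ""
      sResult = auth.GetUseridFromCookieAndKey(sCookie, arrOldKeys(i))
      If Err.Number = 0 And Len(sResult) > 0 Then
         GetUseridWithObsoleteKeys = sResult
         Exit For
      End If
   Next
   Err.Clear
   On Error Goto 0
End Function

' Call this from the branch where decryption with the current key failed.
Sub ReissueTicketFromObsoleteKey(auth, bCookieSupport, nTimeWindow)
   Dim sCookie, sUserID
   sCookie = Request.Cookies("MSCSAuth")
   sUserID = GetUseridWithObsoleteKeys(auth, sCookie, GetObsoleteKeys())
   If Len(sUserID) > 0 Then
      ' Issue a fresh ticket, as the single-key code above does.
      auth.SetAuthTicket sUserID, bCookieSupport, nTimeWindow
   Else
      ' Cookie cannot be decrypted, redirect to force a new login.
   End If
End Sub
```

Keeping the list of obsolete keys short, and retiring a key once cookies issued under it have expired, limits how long a ticket encrypted with a retired key is still accepted.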

Copyright © 2005 Microsoft Corporation.
All rights reserved.