Note: There are many variables, flags, and version-specific considerations for how .NET generates the .aspxauth cookie. This library works for our needs using older versions of the .NET framework. Your milage may vary.
Provides utilities to assist in generating, validating and decrypting .NET authorization tickets (usually set in the .ASPXAUTH cookie) for interoperation with .NET authentication.
The module must be initialized with configuration that corresponds to your .NET configuration and the machine key used to generate the auth ticket.
validationMethod (string): (default "sha1")validationKey (string): hex encoded key to use for signature validationdecryptionMethod (string): (default "aes")decryptionIV (string): hex encoded initialization vector (defaults to a vector of zeros)decryptionKey (string): hex encoded key to use for decryptionticketVersion (integer): if specified then will be used to validate the ticket versionvalidateExpiration (bool): (default true) if false then decrypted tickets will be returned even if past their expirationencryptAsBuffer (bool): (default false) if true, encrypt will return a buffer rather than a hex encoded stringdefaultTTL (integer): (default 24hrs) if provided is used as milliseconds from issueDate to expire generated ticketsdefaultPersistent (bool): (default false) if provided is used as default isPersistent value for generated ticketsdefaultCookiePath (string): (default "/") if provided is used as default cookiePath for generated tickets// Configure
var aspxauth = require( "aspxauth" )( {
validationMethod: "sha1",
validationKey: process.env.DOTNET_VALIDATION_KEY,
decryptionMethod: "aes",
decryptionIV: process.env.DOTNET_DECRYPTION_IV,
decryptionKey: process.env.DOTNET_DECRYPTION_KEY
} );
// Generate encrypted cookie
var encryptedCookieValue = aspxauth.encrypt( {
name: "some.username@place.com",
customData: "other data"
} );
// Decrypt an existing cookie
var authTicket = aspxauth.decrypt( req.cookies[ ".ASPXAUTH" ] );
FAQs
Verify and decrypt .NET's .ASPXAUTH cookie from node
The npm package aspxauth receives a total of 42 weekly downloads. As such, aspxauth popularity was classified as not popular.
We found that aspxauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A brand-squatted TanStack npm package used postinstall scripts to steal .env files and exfiltrate developer secrets to an attacker-controlled endpoint.
Research
Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environments.
Company News
Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.