Security News
Meet the Socket Team at RSAC and BSidesSF 2025
Join Socket for exclusive networking events, rooftop gatherings, and one-on-one meetings during BSidesSF and RSA 2025 in San Francisco.
By Sarah Gooding - Mar 27, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
71
Supply Chain Security
100
Vulnerability
82
Quality
78
Maintenance
100
License
aspxauth
Note: There are many variables, flags, and version-specific considerations for how .NET generates the .aspxauth cookie. This library works for our needs using older versions of the .NET framework. Your milage may vary.
Provides utilities to assist in generating, validating and decrypting .NET authorization tickets (usually set in the .ASPXAUTH cookie) for interoperation with .NET authentication.
Setup
The module must be initialized with configuration that corresponds to your .NET configuration and the machine key used to generate the auth ticket.
validationMethod(string): (default "sha1")validationKey(string): hex encoded key to use for signature validationdecryptionMethod(string): (default "aes")decryptionIV(string): hex encoded initialization vector (defaults to a vector of zeros)decryptionKey(string): hex encoded key to use for decryptionticketVersion(integer): if specified then will be used to validate the ticket versionvalidateExpiration(bool): (defaulttrue) if false then decrypted tickets will be returned even if past their expirationencryptAsBuffer(bool): (defaultfalse) if true, encrypt will return a buffer rather than a hex encoded stringdefaultTTL(integer): (default 24hrs) if provided is used as milliseconds fromissueDateto expire generated ticketsdefaultPersistent(bool): (defaultfalse) if provided is used as defaultisPersistentvalue for generated ticketsdefaultCookiePath(string): (default "/") if provided is used as defaultcookiePathfor generated tickets
// Configure
var aspxauth = require( "aspxauth" )( {
validationMethod: "sha1",
validationKey: process.env.DOTNET_VALIDATION_KEY,
decryptionMethod: "aes",
decryptionIV: process.env.DOTNET_DECRYPTION_IV,
decryptionKey: process.env.DOTNET_DECRYPTION_KEY
} );
// Generate encrypted cookie
var encryptedCookieValue = aspxauth.encrypt( {
name: "some.username@place.com",
customData: "other data"
} );
// Decrypt an existing cookie
var authTicket = aspxauth.decrypt( req.cookies[ ".ASPXAUTH" ] );
Supported validation methods
- sha1
Supported decryption methods
- aes
3.0.0
- Added extra signature of unencrpyted data required in .NET validation
2.x
FAQs
Verify and decrypt .NET's .ASPXAUTH cookie from node
The npm package aspxauth receives a total of 48 weekly downloads. As such, aspxauth popularity was classified as not popular.
We found that aspxauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 17 Mar 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Biome Announces v2.0 Beta with Plugin System and Type Information Support
Biome's v2.0 beta introduces custom plugins, domain-specific linting, and type-aware rules while laying groundwork for HTML support and embedded language features in 2025.
By Sarah Gooding - Mar 25, 2025
Security News
Next.js Patches Critical Middleware Vulnerability (CVE-2025-29927)
Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.
By Sarah Gooding - Mar 24, 2025