

How to Decrypt FedAuth cookie

Question

Wednesday, September 5, 2012 7:44 AM

hello,

I have a claims-based authentication site in SharePoint 2010.

I need to get the user name from the FedAuth cookie and send it to another application.

I have the cookie string, how can I decrypt the FedAuth cookie?

thanks.

All replies (2)

Friday, September 7, 2012 8:10 AM

First, you need to make sure the user name is actually contained in the FedAuth cookie. According to http://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.sessionsecuritytoken.aspx, a session token can operate either in reference mode or not. In reference mode, rather than serializing the entire session token into the cookie, the token is stored in a session security token cache and only the information used to generate the key necessary to retrieve the token from the cache is stored in the cookie.

To understand the FedAuth cookie, this series is a good starting point: http://blogs.msdn.com/b/besidethepoint/archive/2012/05/02/sharepoint-claims-ws-and-the-windows-identity-foundation-wif.aspx

And you can use .NET Reflector to examine the code of http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.identitymodel.spsessionauthenticationmodule.aspx to find out the details.

You may have read this similar thread: http://social.msdn.microsoft.com/Forums/en/windowsazuresecurity/thread/ca4ec7a4-30d4-4f6a-b739-59e349525931

You can check the content of a ClaimsPrincipal with a claims viewer: http://blogs.perficient.com/microsoft/2009/12/how-to-create-a-claims-viewer-web-part-for-sharepoint-2010/

Why do you want to send the user name to another application? Do you actually want delegation? See http://msdn.microsoft.com/en-us/library/ee537800


Wednesday, March 6, 2013 9:39 AM

After handling this thread: http://social.technet.microsoft.com/Forums/en-US/sharepointgeneralprevious/thread/d5013e88-c94e-48f0-b510-63c19f05c12b, I think you need to run under the same account as the SharePoint web application pool account to decrypt the cookie.
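Both replies point the same way: read the session token in-process, under the web application's own identity, instead of trying to decrypt the cookie somewhere else. As an added example that is not code from this thread or from Microsoft, here is a helper that does that with the WIF 1.0 API SharePoint 2010 ships with; the type and method names (`FederatedAuthentication.SessionAuthenticationModule`, `TryReadSessionTokenFromCookie`, `SessionSecurityToken.ClaimsPrincipal`) are assumed from WIF 1.0 and should be checked against the installed Microsoft.IdentityModel.dll.

```csharp
// Added example (not from the thread or from Microsoft): read the user name from the
// current FedAuth session token inside the SharePoint web application itself.
// Assumes WIF 1.0 (Microsoft.IdentityModel.dll, as used by SharePoint 2010) and that
// this runs in-process (HttpModule, web part or page) so the session token cache and
// the app pool's key material are available. API names are assumed from WIF 1.0.
using System;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;

public static class FedAuthReader
{
    // Returns the user name carried by the session token, or null if there is no
    // usable token. The raw cookie is never handed to anything outside this process.
    public static string GetUserNameFromSessionToken()
    {
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam == null) return null;   // WIF session module is not in this pipeline

        SessionSecurityToken token;
        // In reference mode the cookie holds only a cache key; TryRead resolves it from
        // the session token cache, which is why this fails outside the issuing app pool.
        if (!sam.TryReadSessionTokenFromCookie(out token)) return null;

        // Treat an expired token as no token: the cookie by itself proves nothing.
        if (token.ValidTo < DateTime.UtcNow) return null;

        IClaimsPrincipal principal = token.ClaimsPrincipal;
        if (principal == null) return null;

        foreach (IClaimsIdentity identity in principal.Identities)
        {
            // Prefer a UPN and fall back to the name claim; which one is present
            // depends on how the trusted identity provider was configured.
            string upn = null, name = null;
            foreach (Claim c in identity.Claims)
            {
                if (c.ClaimType == ClaimTypes.Upn) upn = c.Value;
                else if (c.ClaimType == ClaimTypes.Name) name = c.Value;
            }
            if (!string.IsNullOrEmpty(upn)) return upn;
            if (!string.IsNullOrEmpty(name)) return name;
        }
        return null;
    }
}
```

If the identity has to reach another application, pass it on through a proper delegation mechanism such as the one linked in the first reply rather than forwarding the cookie itself.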