How to get at contents of Forms Authentication ticket with PHP

情话喂你 2021-01-07 11:17

I need to undo the following ASP.Net processes in PHP so I can get at the username and expiration date in a ticket. I've decrypted the 3DES encryption (step 3 below) but I

3 answers
  •  予麋鹿 (OP)
    2021-01-07 11:57

    I don't think this is possible...

    A few pre-requisite questions:

    • Are you sure you have decrypted the string correctly, with the correct MachineKey value and decryption algorithm? I know ASP.NET 1.0 used 3DES but newer versions generally use AES by default.
    • Why are you accessing this data in the first place? The FormsAuthenticationTicket was not intended to be "broken", and if you were going to access these values from a different language you may consider rolling your own scheme.

    Some noteworthy observations:

    Buried in FormsAuthentication.Decrypt() is a call to UnsafeNativeMethods.CookieAuthParseTicket(...). Here is the signature:

    [DllImport("webengine.dll", CharSet=CharSet.Unicode)]
    internal static extern int CookieAuthParseTicket(byte[] pData, int iDataLen, StringBuilder szName, int iNameLen, StringBuilder szData, int iUserDataLen, StringBuilder szPath, int iPathLen, byte[] pBytes, long[] pDates);
    

    This parses what looks to be a byte array returned from MachineKeySection.HexStringToByteArray() (apparently a function that appears to decode the string using UTF-8) into the individual members of the FormsAuthenticationTicket.

    I can only assume that no matter which decoding method you use (ASCII, UTF-16, etc.) you're not going to get the data back unless you know Microsoft's implementation hidden in this native method.

    MSDN may also offer some help.
