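/// <summary>
/// Decodes a role ticket, removes its cookie protection and loads the
/// version, issue date, expiry date, cookie path and roles into this instance.
/// </summary>
/// <remarks>
/// The unprotect step follows <c>RoleManagerConfig.CookieProtection</c>:
/// <c>All</c> calls VerifyDecrypt, <c>Encryption</c> calls Decrypt only and
/// <c>Validation</c> calls Verify only. Any other value leaves the payload
/// null, so the ticket is rejected.
/// </remarks>
/// <param name="encryptedTicket">The encoded, protected ticket text.</param>
/// <exception cref="ArgumentException">The ticket is null or empty.</exception>
/// <exception cref="HttpException">The unprotect step produced no payload.</exception>
void DecryptTicket (string encryptedTicket)
{
    if (String.IsNullOrEmpty (encryptedTicket))
        throw new ArgumentException ("Invalid encrypted ticket", "encryptedTicket");

    byte [] ticketBytes = GetBytesFromBase64 (encryptedTicket);
    byte [] decryptedTicketBytes = null;

    // NOTE(review): in Encryption mode no Verify call is made here, so the
    // integrity of the role list rests on whatever Decrypt itself guarantees.
    // Confirm that, or prefer CookieProtection.All for role cookies.
    switch (RoleManagerConfig.CookieProtection) {
    case CookieProtection.All:
        decryptedTicketBytes = MachineKeySectionUtils.VerifyDecrypt (MachineConfig, ticketBytes);
        break;
    case CookieProtection.Encryption:
        decryptedTicketBytes = MachineKeySectionUtils.Decrypt (MachineConfig, ticketBytes);
        break;
    case CookieProtection.Validation:
        decryptedTicketBytes = MachineKeySectionUtils.Verify (MachineConfig, ticketBytes);
        break;
    }

    // Fail closed: a null payload (failed check or unhandled protection mode)
    // must never reach the parser below.
    if (decryptedTicketBytes == null)
        throw new HttpException ("ticket validation failed");

    // Parse into locals first, so that a truncated or malformed payload
    // (EndOfStreamException from the reader, ArgumentOutOfRangeException from
    // the DateTime constructor) leaves the existing fields untouched instead
    // of half overwritten. Those exceptions still propagate unchanged.
    int version;
    DateTime issueDate;
    DateTime expireDate;
    string cookiePath;
    string roles;
    using (MemoryStream ticket = new MemoryStream (decryptedTicketBytes))
    using (BinaryReader reader = new BinaryReader (ticket)) {
        version = reader.ReadInt32 ();
        issueDate = new DateTime (reader.ReadInt64 ());
        expireDate = new DateTime (reader.ReadInt64 ());
        cookiePath = reader.ReadString ();
        roles = reader.ReadString ();
    }

    // NOTE(review): the version is stored but not checked in this method.
    _version = version;
    _issueDate = issueDate;
    _expireDate = expireDate;
    _cookiePath = cookiePath;

    if (!Expired) {
        InitializeRoles (roles);

        // Sliding expiration: renew once less than half of CookieTimeout remains.
        // NOTE(review): DateTime.Now is local time; confirm the issuing side
        // writes local ticks too, otherwise the expiry comparison is skewed.
        if (Roles.CookieSlidingExpiration) {
            DateTime now = DateTime.Now;
            TimeSpan halfTimeout = TimeSpan.FromTicks (RoleManagerConfig.CookieTimeout.Ticks / 2);
            if (_expireDate - now < halfTimeout) {
                _issueDate = now;
                _expireDate = now.Add (RoleManagerConfig.CookieTimeout);
                SetDirty ();
            }
        }
    } else {
        // Expired ticket: its role list is discarded and a fresh validity
        // window is started. SetDirty is not called on this path.
        _issueDate = DateTime.Now;
        _expireDate = _issueDate.Add (RoleManagerConfig.CookieTimeout);
    }
}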