.BLOGENGINEROLES cookie encoding/encryption?

Nov 18, 2010 at 4:59 AM

Are there details anywhere on how the .BLOGENGINEROLES cookie is created? Specifically I am looking to understand how it is encrypted, or encoded; I cant figure out what format it is in from simply looking at it.  Thanks.

Nov 18, 2010 at 6:34 AM

The encryption of that cookie is handled by ASP.NET.  It's part of the ASP.NET Role Manager system.  The way it is encrypted can be controlled in the <roleManager> tag.  See CookieProtection.  The 4 possible values for cookieProtection are here.  The default is "All" which means that it is encrypted and validation is being used to check and make sure no tampering of the cookie has occurred.

BE doesn't deal with the encryption.  It's handled at a higher level within the ASP.NET Role Manager code.