If I have a look at my cookie value .ASPXANONYMOUS, it is a string, i.e.

WZnX-rXHygEkAAAAOTFhZjE5YTctZmEzZi00MTMwLWEwNTAtYjYwMzI0N2M0NTY4gQUsRlThiJWAjBgmBnpeIba7eGo1

The value Request.AnonymousID is a Guid.

How do you get from ASPXANONYMOUS to AnonymousID?

I need this to debug some issues I have with FormsAuthentication.

+2  A: 

Yes, an anonymous id is a GUID. The cookie string is an encrypted value containing the id and other data:

[Serializable]
internal class AnonymousIdData
{
    internal string AnonymousId;
    internal DateTime ExpireDate;

    internal AnonymousIdData(string id, DateTime dt);
}

By default, anonymous cookies are valid for 90 days and are refreshed every visit.

You can treat Request.AnonymousID as the request username when Request.IsAuthenticated==false.

See AnonymousIdentificationModule.

UPDATE: In response to a comment, yes, you can decode the value, but why?

// Namespaces needed by this snippet (place at the top of the file).
using System.Diagnostics;
using System.Reflection;
using System.Web.Security;

string aId = Request.AnonymousID;

string anonCookieValue = Request.Cookies[".ASPXANONYMOUS"].Value;

// GetDecodedValue is a non-public static method, so it has to be called through reflection.
MethodInfo method = typeof(AnonymousIdentificationModule).GetMethod("GetDecodedValue", BindingFlags.Static | BindingFlags.NonPublic);
object anonymousIdData = method.Invoke(null, new object[] { anonCookieValue });

// The fields of AnonymousIdData are internal, so they are read through reflection as well.
var field = anonymousIdData.GetType().GetField("AnonymousId", BindingFlags.Instance | BindingFlags.NonPublic);
string anonymousId = (string) field.GetValue(anonymousIdData);
field = anonymousIdData.GetType().GetField("ExpireDate", BindingFlags.Instance | BindingFlags.NonPublic);
DateTime expired = (DateTime) field.GetValue(anonymousIdData);

// why? just use Request.AnonymousID
Debug.Assert(aId == anonymousId);
Sky Sanders
Can you decrypt the cookie string?
Malcolm Frexner
Yes, see update. But why?
Sky Sanders
Valid question. I guess because I want to totally mess up my application :-) But the real answer is this problem I have: http://stackoverflow.com/questions/2448720/different-users-get-the-same-cookie-value-in-aspxanonymous
Malcolm Frexner
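
Added example (not part of the original thread and not ASP.NET's own code): an offline Python reader for the cookie value quoted in the question. That value is not encrypted, so the id and expiry can be read without the machineKey, which helps when comparing the cookies two users received. The layout (8-byte FILETIME, 4-byte length, UTF-8 id, trailing 20 bytes taken to be a MAC), the trailing padding-count digit and all function names are assumptions made here; the MAC is not verified.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

# Cookie value quoted in the question above.
SAMPLE = ("WZnX-rXHygEkAAAAOTFhZjE5YTctZmEzZi00MTMwLWEwNTAtYjYwMzI0N2M0NTY4"
          "gQUsRlThiJWAjBgmBnpeIba7eGo1")

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def url_token_decode(token):
    """URL-safe base64 whose last character is the count of stripped '=' (assumed encoding)."""
    if not token or not token[-1].isdigit() or int(token[-1]) > 2:
        raise ValueError("missing or invalid padding-count digit")
    body = token[:-1] + "=" * int(token[-1])
    if len(body) % 4:
        raise ValueError("length does not match the padding count")
    return base64.b64decode(body, altchars=b"-_", validate=True)


def parse_anonymous_cookie(token, mac_len=20):
    """Read id and expiry from a signed-only cookie; mac_len=20 is an assumption."""
    raw = url_token_decode(token)
    if len(raw) < 12 + mac_len:
        raise ValueError("too short for header plus MAC")
    # Assumed header: little-endian Int64 FILETIME (UTC), then Int32 id length.
    filetime, id_len = struct.unpack_from("<qi", raw, 0)
    body_end = 12 + id_len
    if id_len <= 0 or body_end + mac_len != len(raw):
        # An encrypted payload or a different MAC size will not satisfy this.
        raise ValueError("layout mismatch: encrypted payload or other MAC length")
    return {
        "anonymous_id": raw[12:body_end].decode("utf-8"),
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
        "expires_utc": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "mac_hex": raw[body_end:].hex(),  # shown only; checking it needs the server key
    }


if __name__ == "__main__":
    for key, value in parse_anonymous_cookie(SAMPLE).items():
        print(f"{key}: {value}")
```

Because the id travels in readable form in this configuration, it should be treated as a signed identifier, not as a secret.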