Hi,

I have an ASP.NET MVC application. After the user signs in, we set a cookie for the logged-in user using FormsAuthentication.SetAuthCookie(userName, false). On another page we get the cookie using FormsAuthentication.GetAuthCookie(userName). This cookie's value, as a string, is then set in the

Response.Cookies["username"].Value = cookiesvalue

We have an .aspx page in the same application that downloads a Silverlight application. Silverlight reads the cookies using the code

string[] cookies = HtmlPage.Document.Cookies.Split(';');     

The problem is that once the session expires in the application, Silverlight cannot read the cookie value.

After the session expires we again set the cookies in headers using the

Response.Cookies["username"].Value = cookiesvalue

But the Silverlight application still cannot read this cookie.

Thanks in advance, DNM

A: 

The authentication cookie (the one set with FormsAuthentication.SetAuthCookie(userName, false)) is a special cookie. It is encrypted using the machine key on the server and it can only be manipulated by the server. Silverlight executes on the client side, which explains why you cannot decrypt the username stored inside this cookie.

Just imagine for a moment that you could read and modify the value of this cookie on the client side: this would mean that you could impersonate any user.

Darin Dimitrov
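
One way to give the Silverlight client a user name without exposing the ticket, as an added example that is not part of the original answer: a server-side filter decrypts the forms-authentication cookie and copies only the name into a separate, script-readable cookie. The filter name and the `displayName` cookie are hypothetical; the copy is for display only, and the server keeps relying on the encrypted ticket to authenticate requests.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Added example; the class name and the "displayName" cookie are hypothetical.
public class PublishDisplayNameAttribute : ActionFilterAttribute
{
    private const string DisplayCookie = "displayName"; // hypothetical name

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContextBase http = filterContext.HttpContext;
        string name = ReadAuthenticatedName(http.Request);

        var cookie = new HttpCookie(DisplayCookie)
        {
            // Not HttpOnly, so HtmlPage.Document.Cookies can see it.
            HttpOnly = false,
            Secure = http.Request.IsSecureConnection
        };
        if (name != null)
        {
            cookie.Value = HttpUtility.UrlEncode(name);
        }
        else
        {
            // Ticket missing, tampered with or expired: clear the client copy.
            cookie.Value = string.Empty;
            cookie.Expires = DateTime.UtcNow.AddDays(-1);
        }
        http.Response.Cookies.Set(cookie);
    }

    // Returns the user name from a valid forms-auth ticket, or null.
    private static string ReadAuthenticatedName(HttpRequestBase request)
    {
        HttpCookie auth = request.Cookies[FormsAuthentication.FormsCookieName];
        if (auth == null || string.IsNullOrEmpty(auth.Value)) return null;
        try
        {
            // Only the server holds the machine key needed for this call.
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(auth.Value);
            return (ticket == null || ticket.Expired) ? null : ticket.Name;
        }
        catch (ArgumentException) { return null; } // malformed cookie value
        catch (HttpException) { return null; }     // failed validation or decryption
    }
}
```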