You can share ASP.NET Forms Auth Cookies with Rails, but you will have to decrypt it on the Rails side. Maybe this is too much trouble.
A simpler solution is to skip the .NET Authentication Ticket and save your own authorization ticket (cookie) on both sides using the encryption algorithm you want and the same salt between the two platforms. Salt can be stored in the database or in a physical file if they are on the same disk.
Example:
C # side:
public class MyTicket { ... public string ToSerializableFormat() { return String.Format("{0}|{1}", t.Username, t.somethingElseYouNeed); } public static MyTicket Parse(string value) { var vals = value.Split('|'); return MyTicket(values[0], values[1]); } }
Somewhere else in your application, replacing the calls to FormsAuthentication.Encrypt and FormsAuthentication.Decrypt :
string MakeTicket(MyTicket t) { return EncryptSomehow(key, t.ToSerializableFormat()); } MyTicket ReadTicket(string cookieValue) { return MyTicket.Parse( DecryptSomehow(key, cookieValue) ); }
And the Ruby equivalent:
class MyTicket def to_serializable_format "#{@username}|#{@something_else}" end def self.parse(value) values = value.split '|' MyTicket.new(*values) end end
Somewhere in the Rails code, you will decrypt and encrypt the auth cookie. Use the same name on both sides.
Profit