FormsAuthentication.Decrypt not working

Discussion in 'General troubleshooting' started by dvMentalMadness, Aug 10, 2011.

  1. I am investigating an issue where usually within 5-10 seconds after I login my FormsAuthentication session "expires" and I am required to login again.

    I've checked Fiddler to verify the cookie is sent in the request header, also I deployed the FormsAuthLogger HttpModule from this article: http://support.microsoft.com/kb/910439

    When the failure happens, this is what I see in the log:


    Date, RequestType, URL, Referrer, ClientIP, EncryptedCookie, CookiePath, CookieName, CookieValue, Name, UserData, IssueDate, ExpirationDate, Expired, Persistent, version

    8/10/2011 9:42:40 AM, GET, http://www.platinumvipcard.com/admin/Chain, http://www.platinumvipcard.com/admin/Category, XX.X.XXX.XX, 6A2F67D2F12BAA5C898329FA68B370F31C016D676512199D8FD58292B8ABFFF85A53EE62018AC6E2422D52AFEA782CFA3FCC62E60BB2E549F95E4C03DFAD12C5D4FC61F8CF7BF326E2A6A9B6544144CBE36159325BE3ACB7707120C9B124041614D75A14CA9C2210F31F2B6CFD74C39FA1FB7C1AFAD9AF8412C73AAD9F90F833454415828D84DB46821117C3111DAB800E5E7895C9D8C8A3856897679DF036BCB545AD78AF9A5A9ABD3D6029AC4B3B569DD6866051B6C9A6E3E9C54CC29DE967B9E740B5F5C2EB9C60BED3A66CE5FC245BB5A8DB9A81B2925CA75E67FA17FC9924FD610B2BF3A83DC6269435F9727C3B,Exception: System.Web : Unable to validate data. at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType, Boolean signData)
    at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
    at FormsAuthLogger.FormsAuthInfo.LogFormsAuthTicket() in C:\Dev\DotNet\temp\FormsAuthInfo.cs:line 55


    And here's what I see in Fiddler for the request:


    GET http://www.platinumvipcard.com/admin/Chain HTTP/1.1
    Host: www.platinumvipcard.com
    Connection: keep-alive
    Referer: http://www.platinumvipcard.com/admin/Category
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
    Cookie: /=A6669B296C4CD34C807B637A3242C5C5D229EDF177EDFCB0374CF25DFAB457EC80B00AE1C5EC5541B19EE428E8C81D7471AB9BABE1016013AE2578081B12797D85734F806F4A34A4008C734F8368BDC14AD861150C21C677521F8B5F14E543C2181634412C3C7AFFAA537D6A45C921930DB69CAC9350B87DFFB146BBD6B5148C10247426EBEEDCC50895AD56CD0894B3C2E3518C5977630AF234F9DAA3D2E9CE3FC1486D7471E379CB334128133082C823CB9F834CA39FCB784F05EBF051D1E3A6C1CC8B3239C772200FE2F72B5C8E022BD908F70B20707505C298332E56A80B1FF8082F9B178DF09F3541F933A7707022A2D7A5770E40136A4909BC182933D1; __RequestVerificationToken_L2FkbWlu=4tyPYa8gzCjSuIAUOV0rmZJQBzYw5wsviDaHr8pfz4LAyn6gnbon9dnMm8+R4T51Rkwq90gctWlc6YEUClnTF6Aq7g6ljIaaJLup9noWA26vCWmzvoadRZZ1ZYDwbHtU4tlqpva2iNjS1iwlw1CJRlJG8+HUUift7RLzHQSekPU=; .ASPXAUTH=6A2F67D2F12BAA5C898329FA68B370F31C016D676512199D8FD58292B8ABFFF85A53EE62018AC6E2422D52AFEA782CFA3FCC62E60BB2E549F95E4C03DFAD12C5D4FC61F8CF7BF326E2A6A9B6544144CBE36159325BE3ACB7707120C9B124041614D75A14CA9C2210F31F2B6CFD74C39FA1FB7C1AFAD9AF8412C73AAD9F90F833454415828D84DB46821117C3111DAB800E5E7895C9D8C8A3856897679DF036BCB545AD78AF9A5A9ABD3D6029AC4B3B569DD6866051B6C9A6E3E9C54CC29DE967B9E740B5F5C2EB9C60BED3A66CE5FC245BB5A8DB9A81B2925CA75E67FA17FC9924FD610B2BF3A83DC6269435F9727C3B; openid_provider=googleapps

    Here's the authentication section from my web.config:

    <authentication mode="Forms">
    <forms loginUrl="~/Auth/LogOn" timeout="2880" name="/" />
    </authentication>


    It seems like I am seeing the behavior described in this KB article: http://support.microsoft.com/kb/2431728
     
  2. Last edited by a moderator: Oct 14, 2015
  3. Thanks, that should have occurred to me. I just didn't understand why that would happen when the site wasn't running in a web farm.
     
  4. :) Anytime the application pool is recycled the machine key is regenerated. By manually setting it - you dont have to worry.
     
  5. I'm glad I ran into this now, but why would the app pool reset so often?
     
  6. Reasons we would recycle the application pool are:

    - More than 200MB of memory usage
    - Average of 75% of CPU usage over a 5 minute period
    - Application Idle for 20 minutes
     

Share This Page