Forms Authentication issues

I'm pulling my hair out here. I've created a login page that uses Forms
Authentication. Initially, it loads the types of authentication
methods from a database and asks the user to select the auth method
from a drop down list. Each method corresponds to an external module
(assembly) that is loaded using reflection and accessed using a common
interface. The modules work, I know that.

The issues come after I log in. After logging in, I am redirected to
the default page (Default.aspx). This is where it gets strange. I can
refresh on the Default page about 4 times before it redirects me back
to the login page (Login.aspx). Sometimes if I replace the URL in the
address bar with Default, it will go back to Default as if I'm logged
in. Other times it will do the expected behavior: forward me back to
Login.aspx.

When this happens (booted off of a page), I get one information message
in the event log and one warning in the event log. The warning
corresponds to a CryptographicException (far below) and the information
message corresponds to an invalid ticket (directly below).

I have the cookie timeout set to 30 minutes in the web.config. Any
help would be greatly appreciated as I can't really continue with this
project until this issue is resolved.
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The
ticket supplied was invalid.
Event time: 1/31/2006 3:47:28 PM
Event time (UTC): 1/31/2006 8:47:28 PM
Event ID: 13db6007d24d4a42b635fce914756d0d
Event sequence: 28
Event occurrence: 19
Event detail code: 50201

Application information:
Application domain: /LM/W3SVC/1164268374/Root/Admin-5-127832126614312052
Trust level: Full
Application Virtual Path: /Admin
Application Path: D:\www\sites\scarletpage.rutgers.edu\development\Admin\
Machine name:
Request information:
Request URL: Admin/WebResource.axd?d=0wPWHj8Z2UslFsHY3c7dcOptjvNTaWFmfaGPyzFuufw1&t=632701725152365642
Request path: /Admin/WebResource.axd
User host address: 128.6.213.34
User:
Is authenticated: False
Authentication Type:
Thread account name:
-------------------------

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 1/31/2006 3:47:28 PM
Event time (UTC): 1/31/2006 8:47:28 PM
Event ID: ca51ac0692ba4e1cb1ed55c3b74f800a
Event sequence: 29
Event occurrence: 4
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1164268374/Root/Admin-5-127832126614312052
Trust level: Full
Application Virtual Path: <..>
Application Path: <...>
Machine name: <...>

....

Exception information:
Exception type: CryptographicException
Exception message: Padding is invalid and cannot be removed.

Jan 31 '06 #1
Eric,
Are you able to replicate this issue if you just switch to "plain vanilla"
Forms Authentication with no custom modules loaded via Reflection?
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com

Jan 31 '06 #2
I don't know. The module authentication has been heavily tested and it
works. Otherwise, I wouldn't be able to get past the login page.
Basically, what I am doing is loading the module, calling its
Authenticate(...) method (which returns a boolean) and then calling
RedirectFromLoginPage(username, false). If the credentials fail, an
error message is shown on the login page. If they succeed, I am
successfully redirected to the next page which in this case is the
Default.aspx.

If I hit refresh on Default.aspx, sometimes it works and refreshes.
Other times it will log me out and redirect me back to the login page.
The events shown above appear in the event log on the server.

I just tested something else... The Default.aspx is derived from a
master page with a few images for the header and some text for the
footer. There is an asp:LinkButton called LogOut that has a handler
that calls FormsAuthentication.SignOut() and
FormsAuthentication.RedirectToLoginPage(). Page_Load handler does
nothing.

What I noticed is that pages derived from the master page, when
refreshed, throw the CryptographicException causing me to log out, but
pages that are independent do not no matter how many times I refresh.

Could it have something to do with the fact that the master pages are
kept in another folder? I'm not familiar with the methods in which
ASP.NET creates, encrypts and decrypts the authentication ticket (the
cookie). Could that actually be causing the problem? And if so, what
is the preferred way to do the master pages? I was told that Microsoft
prefers the master pages to be kept in a separate folder.

Feb 1 '06 #3
Ok, well that's not exactly the case either regarding the master pages.
Because I have a web parts page not derived from any master page and
when I play with the web parts, I get logged out in the same way with
the CryptographicException being thrown. So I'm even more confused
now...

Stack trace:
   at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
   at System.Web.UI.Page.DecryptString(String s)
   at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Feb 1 '06 #4
Also, even just refreshing the login page causes a
CryptographicException to be thrown, but not the Invalid Ticket event.

Feb 1 '06 #5
Still haven't solved the problem, but I've tracked it down a little
more.

On the login page, simply hitting refresh raises the
CryptographicException every once in a while. There are images on the
login page (asp:Image) referencing images in a subdirectory like this:
<asp:Image Name="..." ImageUrl="~/images/imagename.gif"
runat="server"></asp:Image>

I notice that when I remove the images from the login page and refresh
as many times as I want, no CryptographicException appears in the event
log. If the time between refreshes is long enough, I still get the
Invalid Ticket event.

So the CryptographicException has something to do with the images. Any
ideas?

Feb 1 '06 #6
Still no solution, but I have run some tests and have uncovered some
strange issues that I can't pin down to the source.

In the images directory are a bunch of images. Some images, when
loaded on the page, cause the app to kick me back to the login page
when the page is refreshed. Others do not. So that confuses me to no
end.

Also, I have set up in the web.config a SqlPersonalizationProvider for
WebParts. The WebParts page I have has no images on it, yet when I
refresh that page, I get punted back to the login page with the Invalid
ticket message showing up in the event log.

Feb 2 '06 #7
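
Added example, not part of the thread and not code from any poster: a short Python script that parses event records in the format quoted in the first post and pairs each 3005 CryptographicException with 4005 invalid-ticket events raised in the same application domain and second, so the request path the failures arrive on stands out. The sample text is abridged from the thread's own two records with wrapped lines joined; the function names parse_events and correlate are hypothetical.

```python
import re
from collections import defaultdict

# Abridged copy of the two event-log records quoted in the thread
# (wrapped lines joined; fields the poster elided are left out).
SAMPLE = """\
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 1/31/2006 3:47:28 PM
Event sequence: 28
Application domain: /LM/W3SVC/1164268374/Root/Admin-5-127832126614312052
Request path: /Admin/WebResource.axd
-------------------------
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 1/31/2006 3:47:28 PM
Event sequence: 29
Application domain: /LM/W3SVC/1164268374/Root/Admin-5-127832126614312052
Exception type: CryptographicException
Exception message: Padding is invalid and cannot be removed.
"""

FIELD = re.compile(r"^([A-Za-z ()]+?):[ \t]*(.*)$")

def parse_events(text):
    """Split on dashed separators and return one dict of fields per record."""
    events = []
    for chunk in re.split(r"^-{5,}\s*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())
            if m and m.group(2):          # skip section headers and empty fields
                fields[m.group(1).strip()] = m.group(2).strip()
        if "Event code" in fields:
            events.append(fields)
    return events

def correlate(events):
    """Pair each 3005 CryptographicException with same-second, same-domain 4005 events."""
    tickets = defaultdict(list)
    for e in events:
        if e["Event code"] == "4005":
            tickets[(e.get("Application domain"), e.get("Event time"))].append(e)
    pairs = []
    for e in events:
        if e["Event code"] == "3005" and e.get("Exception type") == "CryptographicException":
            for t in tickets[(e.get("Application domain"), e.get("Event time"))]:
                pairs.append((t.get("Request path"), t["Event sequence"], e["Event sequence"]))
    return pairs
```

Run over the thread's records, correlate(parse_events(SAMPLE)) returns the single pair of sequences 28 and 29 on /Admin/WebResource.axd.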
