Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

FormsAuthentication.Decrypt always returns null in one of the web servers

Tags:

c#

asp.net

asp.net-mvc

webforms

I have a webform application based on asp.net 4.0, deployed to two different servers. The webform application has only one Default.aspx with its code behind:

protected void Page_Load(object sender, EventArgs e)
{
    MachineKeySection section =
     (MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey");

    this.Response.Write(section.DecryptionKey);
    this.Response.Write("<br />");

    this.Response.Write(section.ValidationKey);
    this.Response.Write("<br />");

    var authToken = "xxxxxx";  
        //the real token is obviously not xxx, just an example here

    this.Response.Write(authToken);
    this.Response.Write("<br />");

    var ticket = FormsAuthentication.Decrypt(authToken);
    if (ticket != null) this.Response.Write(ticket.Name);
    this.Response.End();
}

the same code with the same web.config is deployed to two web servers. However, one of them works fine, and another always has its ticket equals to null. If I remove if (ticket != null) then an null reference exception is thrown. They have totally the same output, except the ticket part.

The web servers are running on Windows Server 2008 R2 SP1, with .NET framework 4 installed. I'm sure the code on the two web servers are toally the same, including the machineKey:

<machineKey validationKey="xxx" decryptionKey="yyy" validation="SHA1" decryption="AES" />

How can this happen? Do you have any idea about this weired issue?

UPDATE

MS BUG, need to update package: http://support.microsoft.com/kb/2656351

like image 837
Cheng Chen Avatar asked Jan 14 '13 10:01

Cheng Chen

1 Answers

While employing load Balancers, I had ran into this exact issue as you mentioned. [ .net Framework 4.0 ]

All things were being verified so many times with NO success.

Just wanted to share the below link as finally the Security Update: MS11-100 had fixed the issue in my case.

Tony considers likely this to be bug in .net 4.0 http://tmoaikel.wordpress.com/2012/03/21/formsauthentication-decrypt-returns-null/ , which was fixed by the above patch.

May be this may help you progress little further.

like image 200
R.C Avatar answered Oct 15 '22 21:10

R.C
Sign in to Comment

Related questions

Secure DSA Signing
Change URL Rewrite Rule in Web.Config from Code C#
<Not Available> and [Thread Destroyed] details in Thread window for Visual Studio 2010
Drag and Drop image from browser to WPF Application
How do I get a ScrollViewer with a Rectangle inside to stop scrolling when it reaches the end of the rectangle?
How can I stop Add-Migration checking my database has no pending migrations when using Code-Based migrations?
Disable/Flush OleDbConnection Cache
SharedResourceDictionary: edit resource in Blend
Amazon Video on Demand API
How can I retrieve the name of the printer chosen in Acrobat?
Classify or keyword match a natural language string or phrase
C# Override method with subclass parameter
3d object not rendered
How to get interest rates and interbank rates in C#?
Entity Framework is slow because of derived tables
RichTextBox rotating text for printing
Replicate T-SQL DecryptByPassPhrase in C#
How to create a WPF Window without a border that can be resized?
MVVMLight Simple IOC - dynamically register and unregister data service implementations
Dynamic query using LINQ to SQL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!