Forms Authentication - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Forms Authentication

Message

From

23/09/2004 12:32:01

Victor Campos
Rowland Heights, California, United States

All

General information

Forum:

ASP.NET

Category:

Other

Title:

Forms Authentication

Miscellaneous

Thread ID:

00945427

Message ID:

00945427

Views:

Here's the scenario:

A user visits my secure site - because the site is secure they will be redirected to login.aspx - once they login they can navigate the site without any problems. They leave and come back without a problem.

However, if they bookmark a secure page and visit the site another time by going directly to the secure page they get redirected to the login.aspx page as it should since the site is secure.

However, when they login they cought getting redirected back to the login page over and over in an endless loop. The only way to get out is to close the browser and visit the site by hitting the home page which will redirect to the login.aspx page.

We can't recreate this problem on our machines running WinXP (not XP2), we can't even recreate this problem in our development server running Win2000 Server SP3, but it does occur on our production servers running Win2000 Advance Server, Load Balance, with Session State on SQL Server (all machines run session state on SQL - including development machines, development servers and production servers.).

Here's the Exception information we get during the Application_AuthenticationRequest Method:

1) Exception Information
*********************************************
Exception Type: System.Security.Cryptography.CryptographicException
Message: Bad Data.

TargetSite: Byte[] _DecryptData(IntPtr, Byte[], Int32, Int32, Boolean)
HelpLink: NULL
Source: mscorlib

StackTrace Information
*********************************************
at System.Security.Cryptography.CryptoAPITransform._DecryptData(IntPtr
hKey, Byte[] rgb, Int32 ib, Int32 cb, Boolean fDone)
at
System.Security.Cryptography.CryptoAPITransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Web.Configuration.MachineKey.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length)
at System.Web.Security.FormsAuthentication.Decrypt(String
encryptedTicket)
at CalChoice.Web.Global.Application_AuthenticateRequest(Object sender, EventArgs e)

-vic
My Personal Site

Map

View

Click here to load this message in the networking platform