Invalid value for encryptedTicket parameter

前端 未结 4 1263
离开以前
离开以前 2021-02-20 10:34

I recently modified the login for my companies eComm site to have a \"Keep me logged in\" feature. The primary change was to make the forms authentication cookie persistent for

相关标签:
4条回答
  • 2021-02-20 11:00

    I have faced same issue this is because I was getting null or empty value of authCookieValue . So my suggestion is that you have to check null for HttpCookie and also for it's value as given below .

    HttpCookie authCookie = System.Web.HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                //Extract the forms authentication cookie
                if (!string.IsNullOrEmpty(authCookie.Value))
                {
                    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    
                    string email = authTicket.UserData;
    
                    // and now process your code as per your condition
    
                }
            }
    

    This will definately will help you .

    0 讨论(0)
  • 2021-02-20 11:02

    This happens if you pass an invalid string to System.Web.Security.FormsAuthentication.Decrypt. Most commonly its trying to pass in cookieName instead of cookieValue.

    The following is the way to get the ASPXAUTH cookie value + info:

    string authCookieValue = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName].Value;
    var cookieInfo = System.Web.Security.FormsAuthentication.Decrypt(authCookieValue);
    
    0 讨论(0)
  • 2021-02-20 11:11

    What I found out is that for some reason the cookie can get an inconsistent value. For us it was only some users, in some situations.

    Better than raising an error i just propose to log the user out in case of the argumentexception. It doesn't explain the "why", is not completely satisfying (in some ways the "remember me" won't work for some users...) but at least it may keep a normal behavior for the user.

    In global.asax:

     protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    
            if (authCookie != null)
            {
                try
                {
                    var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    
                    //...
                    //setting user properties with cookie...
                    //...
                }
                catch (ArgumentException ex)
                {
                    FormsAuthentication.SignOut();
                    Response.Redirect("/");
                }
            }
        }
    

    Not even sure the redirect is needed (would have to check).

    Hope this helps

    0 讨论(0)
  • 2021-02-20 11:22

    You might have the same error when the length of the ticket you're trying to deserialize is too long.

    0 讨论(0)
提交回复
热议问题