Invalid value for encryptedTicket parameter

Posted 2020-07-05 10:55

Question:

I recently modified the login for my company's eComm site to have a "Keep me logged in" feature. The primary change was to make the forms authentication cookie persistent for these users.

After the change was released I started seeing this exception in my logs:

Invalid value for 'encryptedTicket' parameter
at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)

The problem seems to be user agent specific. The only user agents the error has been recorded for are:

  • Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5

  • eTailInsights Tag Identifier/1.0

I have an iPad with the configuration listed above. The first login attempt works. But closing the browser and going back to the site, thus using the persistent cookie, causes the error.

The behavior is also inconsistent across environments. It works fine against my local machine and test server, but fails on production. Which makes it difficult to troubleshoot.

Other versions of iOS/Safari can login fine.

Searching for this error turned up several references to a problem with web forms and newer browser versions. This does not seem consistent with my scenario though. I'm not seeing errors for new browsers and my site is MVC.

I found one question similar to mine, but with no answer.

Anybody know what is happening here?

Answer 1:

I have faced the same issue; this was because I was getting a null or empty value for authCookieValue. So my suggestion is that you check for null on the HttpCookie and also on its value, as given below.

    HttpCookie authCookie = System.Web.HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null)
    {
        // Extract the forms authentication cookie
        if (!string.IsNullOrEmpty(authCookie.Value))
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

            string email = authTicket.UserData;

            // and now process your code as per your condition
        }
    }

This will definitely help you.



Answer 2:

You might have the same error when the length of the ticket you're trying to deserialize is too long.



Answer 3:

This happens if you pass an invalid string to System.Web.Security.FormsAuthentication.Decrypt. Most commonly it's trying to pass in cookieName instead of cookieValue.

The following is the way to get the ASPXAUTH cookie value + info:

string authCookieValue = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName].Value;
var cookieInfo = System.Web.Security.FormsAuthentication.Decrypt(authCookieValue);


Answer 4:

What I found out is that for some reason the cookie can get an inconsistent value. For us it was only some users, in some situations.

Rather than raising an error, I just propose to log the user out in case of the ArgumentException. It doesn't explain the "why" and is not completely satisfying (in some ways the "remember me" won't work for some users...), but at least it may keep a normal behavior for the user.

In global.asax:

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

        if (authCookie != null)
        {
            try
            {
                var authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                //...
                //setting user properties with cookie...
                //...
            }
            catch (ArgumentException ex)
            {
                FormsAuthentication.SignOut();
                Response.Redirect("/");
            }
        }
    }

Not even sure the redirect is needed (would have to check).

Hope this helps
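
The checks suggested in answers 1, 2 and 4, combined into one helper as an added example (not code from any of the answers above). The names TicketReader and TryRead are hypothetical, the 4096-character bound is the documented limit on the argument of FormsAuthentication.Decrypt, and the helper is assumed to be called during a request, for example from Application_PostAuthenticateRequest.

```csharp
using System;
using System.Diagnostics;
using System.Web;
using System.Web.Security;

// Added example: TicketReader and TryRead are hypothetical names.
public static class TicketReader
{
    // Decrypt throws ArgumentException for values longer than this.
    private const int MaxTicketLength = 4096;

    // Returns a usable ticket, or null when the request must be treated as anonymous.
    public static FormsAuthenticationTicket TryRead(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return null;            // no cookie: ordinary anonymous visitor

        string value = cookie.Value;
        string reason = null;
        FormsAuthenticationTicket ticket = null;

        if (string.IsNullOrEmpty(value)) reason = "empty";
        else if (value.Length > MaxTicketLength) reason = "too-long";
        else
        {
            try { ticket = FormsAuthentication.Decrypt(value); }
            catch (ArgumentException) { reason = "undecryptable"; }

            if (reason == null && ticket == null) reason = "null-ticket";
            else if (ticket != null && ticket.Expired) reason = "expired";
        }

        if (reason == null) return ticket;

        // Record why the ticket was rejected. Log the length and user agent only,
        // never the cookie value, and strip line breaks from the client-supplied header.
        string ua = (request.UserAgent ?? "").Replace("\r", " ").Replace("\n", " ");
        Trace.TraceWarning("Forms ticket rejected: {0}; length={1}; ua={2}",
            reason, value == null ? 0 : value.Length, ua);

        FormsAuthentication.SignOut();              // expire the bad persistent cookie
        return null;
    }
}
```

Logging the rejection reason per user agent gives the data needed to see which of the causes named in the answers is actually occurring in production, while the user is simply asked to log in again.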