[Mono-bugs] [Bug 81357][Nor] New - FormsAuthentication and timed out authentication/role cookie
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Thu Apr 12 00:50:02 EDT 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by mmorano at mikeandwan.us.
http://bugzilla.ximian.com/show_bug.cgi?id=81357
--- shadow/81357 2007-04-12 00:50:02.000000000 -0400
+++ shadow/81357.tmp.20607 2007-04-12 00:50:02.000000000 -0400
@@ -0,0 +1,63 @@
+Bug#: 81357
+Product: Mono: Class Libraries
+Version: 1.2
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Normal
+Component: Sys.Web
+AssignedTo: mhabersack at novell.com
+ReportedBy: mmorano at mikeandwan.us
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: FormsAuthentication and timed out authentication/role cookie
+
+Currently, if you log into mono using forms authentication using cookies,
+and a role provider using cookie caching, an error exists once the cookie
+times out. After the cookie times out, the runtime properly recognizes
+that the cookie is old, and treats the user as if they are not authenticated.
+
+However, if you then try to login (without closing the browser), then the
+runtime throws an exception because the cookie could not be decrypted.
+
+To easily recreate this scenario, specify the forms authentication and role
+cookie to expire after one minute in the web.config.
+
+Here is the resulting error:
+
+Server Error in '/' Application
+
+Description: Error processing request.
+
+Error Message: HTTP 500.
+
+Stack Trace:
+
+System.ArgumentException: Invalid encrypted ticket
+Parameter name: encryptedTicket
+ at System.Web.Security.RolePrincipal.DecryptTicket (System.String
+encryptedTicket) [0x00000]
+ at System.Web.Security.RolePrincipal..ctor (IIdentity identity,
+System.String encryptedTicket) [0x00000]
+ at System.Web.Security.RoleManagerModule.OnPostAuthenticateRequest
+(System.Object sender, System.EventArgs args) [0x00000]
+ at (wrapper delegate-invoke)
+System.MulticastDelegate:invoke_void_object_EventArgs (object,System.EventArgs)
+ at System.Web.HttpApplication+<>c__CompilerGenerated1.MoveNext () [0x00000]
+
+4/12/2007 2:54:44 AM<!-- System.Web.HttpException: --->
+System.ArgumentException: Invalid encrypted ticket Parameter name:
+encryptedTicket at System.Web.Security.RolePrincipal.DecryptTicket
+(System.String encryptedTicket) [0x00000] at
+System.Web.Security.RolePrincipal..ctor (IIdentity identity, System.String
+encryptedTicket) [0x00000] at
+System.Web.Security.RoleManagerModule.OnPostAuthenticateRequest
+(System.Object sender, System.EventArgs args) [0x00000] at (wrapper
+delegate-invoke) System.MulticastDelegate:invoke_void_object_EventArgs
+(object,System.EventArgs) at
+System.Web.HttpApplication+<>c__CompilerGenerated1.MoveNext () [0x00000]
+--- End of inner exception stack trace --- -->
More information about the mono-bugs
mailing list