[Mono-bugs] [Bug 81357][Nor] New - FormsAuthentication and timed out authentication/role cookie

bugzilla-daemon at bugzilla.ximian.com
Thu Apr 12 00:50:02 EDT 2007


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by mmorano at mikeandwan.us.

http://bugzilla.ximian.com/show_bug.cgi?id=81357

--- shadow/81357	2007-04-12 00:50:02.000000000 -0400
+++ shadow/81357.tmp.20607	2007-04-12 00:50:02.000000000 -0400
@@ -0,0 +1,63 @@
+Bug#: 81357
+Product: Mono: Class Libraries
+Version: 1.2
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: Sys.Web
+AssignedTo: mhabersack at novell.com                            
+ReportedBy: mmorano at mikeandwan.us               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: FormsAuthentication and timed out authentication/role cookie
+
+Currently, if you log into mono using forms authentication using cookies,
+and a role provider using cookie caching, an error exists once the cookie
+times out.  After the cookie times out, the runtime properly recognizes
+that the cookie is old, and treats the user as if they are not authenticated.
+
+However, if you then try to login (without closing the browser), then the
+runtime throws an exception because the cookie could not be decrypted.
+
+To easily recreate this scenario, specify the forms authentication and role
+cookie to expire after one minute in the web.config.
+
+Here is the resulting error:
+
+Server Error in '/' Application
+
+Description: Error processing request.
+
+Error Message: HTTP 500.
+
+Stack Trace:
+
+System.ArgumentException: Invalid encrypted ticket
+Parameter name: encryptedTicket
+  at System.Web.Security.RolePrincipal.DecryptTicket (System.String
+encryptedTicket) [0x00000] 
+  at System.Web.Security.RolePrincipal..ctor (IIdentity identity,
+System.String encryptedTicket) [0x00000] 
+  at System.Web.Security.RoleManagerModule.OnPostAuthenticateRequest
+(System.Object sender, System.EventArgs args) [0x00000] 
+  at (wrapper delegate-invoke)
+System.MulticastDelegate:invoke_void_object_EventArgs (object,System.EventArgs)
+  at System.Web.HttpApplication+<>c__CompilerGenerated1.MoveNext () [0x00000] 
+
+4/12/2007 2:54:44 AM<!-- System.Web.HttpException: --->
+System.ArgumentException: Invalid encrypted ticket Parameter name:
+encryptedTicket at System.Web.Security.RolePrincipal.DecryptTicket
+(System.String encryptedTicket) [0x00000] at
+System.Web.Security.RolePrincipal..ctor (IIdentity identity, System.String
+encryptedTicket) [0x00000] at
+System.Web.Security.RoleManagerModule.OnPostAuthenticateRequest
+(System.Object sender, System.EventArgs args) [0x00000] at (wrapper
+delegate-invoke) System.MulticastDelegate:invoke_void_object_EventArgs
+(object,System.EventArgs) at
+System.Web.HttpApplication+<>c__CompilerGenerated1.MoveNext () [0x00000]
+--- End of inner exception stack trace --- -->
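
Review bot: the reproduction paragraph ("To easily recreate this scenario...") refers to web.config settings but does not include them, and the OS and OS Details fields are empty, so the one-minute timeout setup cannot be reproduced exactly from the report; please attach the forms authentication and role manager sections that were used. Both copies of the stack trace show the ArgumentException raised in RolePrincipal.DecryptTicket and reached from RoleManagerModule.OnPostAuthenticateRequest, so the description should state that it is the role cookie that fails to decrypt, and whether the expected behaviour is for an undecryptable role ticket to be discarded rather than surfaced as an HTTP 500 with a stack trace.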

