FormsAuthentication.Decrypt causes System.Security.Cryptography.CryptographicException: Bad Data Error

From: Jim Fiorato (jfiorato_at_hotmail.com)
Date: 05/13/03


Date: Tue, 13 May 2003 14:37:45 -0500


Prior to the installation of .NET Framework 1.1, it was possible to create
and encrypt a ticket in one v-directory running as an application, and
decrypt and use that same ticket from another v-directory running as an
application, as long as both applications were in the same domain. Is this
no longer possible in the 1.1 Framework?

The error is very easy to reproduce.
Create a new web application with a web.config file with authentication
mode="forms". Then create a new web form, in this case WebForm1.aspx, with
the following code:

<%
if(IsPostBack) {
 FormsAuthenticationTicket myTicket =
  FormsAuthentication.Decrypt(Request.Cookies.Get(FormsAuthentication.FormsCookieName).Value);
 Response.Write(myTicket.Name);
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
 <HEAD>
  <title>WebForm1</title>

 </HEAD>
 <body>
  <form id="Form1" method="post" runat="server">
   <iframe src="integrated/WebForm2.aspx"></iframe>
   <asp:Button id="Button1" style="Z-INDEX: 101; LEFT: 139px; POSITION: absolute; TOP: 218px" runat="server" Text="Button"></asp:Button>
  </form>
 </body>
</HTML>

Then create a new folder (in my case, I called it "integrated") within that
application and add a web.config file with authentication mode="windows" and
authorization set to deny users="?". Configure this new folder in IIS to
run as an application. Then create a new web form, in this case
WebForm2.aspx, with the following code:

<%
FormsAuthentication.SetAuthCookie(Context.User.Identity.Name, false);
%>

When you run the project, you should get the following error after clicking
on the button to post back.

Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: Bad
Data.

Source Error:

Line 24: // Put user code to initialize the page here
Line 25: if(IsPostBack) {
Line 26: FormsAuthenticationTicket myTicket = FormsAuthentication.Decrypt(Request.Cookies.Get(FormsAuthentication.FormsCookieName).Value);
Line 27: Response.Write(myTicket.Name);
Line 28: }

Any help is appreciated.

Jim
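
Added example, not part of the original post: a web.config fragment for the setup described above, assuming the "Bad Data" error arises because the two IIS applications use different auto-generated, per-application machine keys. The key values are placeholders, and the commented-out "before" element is the assumed effective default rather than something quoted from the post.

```xml
<!-- Added example (not from the original post).
     Put the same <machineKey> element in the web.config of BOTH IIS
     applications: the parent application that calls
     FormsAuthentication.Decrypt and the "integrated" application that
     calls FormsAuthentication.SetAuthCookie. -->
<configuration>
  <system.web>

    <!-- Before (assumed effective default): keys are auto-generated and
         isolated per application, so a ticket encrypted by one
         application cannot be decrypted or validated by the other.

    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="SHA1" />
    -->

    <!-- After: explicit keys, identical in both applications.
         The values below are placeholders. Generate random hex keys
         with a cryptographic random number generator, and restrict
         read access to this file: anyone who holds these keys can
         forge authentication tickets for both applications. -->
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
                validation="SHA1" />

  </system.web>
</configuration>
```

Independently of the key configuration, a cookie that fails to decrypt is best treated as an unauthenticated request rather than left to surface as an unhandled exception, since the cookie value is client-controlled input.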