stackoom
  简体   繁体   中英

ASP.NET 4.7 Forms Authentication Failure, Ticket supplied was invalid

 原文  2018-06-01 14:51:49       asp.net/ vb.net

Question

We are trying to change from TLS 1.0/1.1 to 1.2. The only protocol running is 1.2 and the .net and sql has been changed to support 1.2. It started giving us this error immediately when trying to log in.

Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. Event time: 6/1/2018 9:27:58 AM Event time (UTC): 6/1/2018 1:27:58 PM Event ID: ed7b05ef18c84be1b02ae683df1b6e79 Event sequence: 2 Event occurrence: 1 Event detail code: 50201

This is in my web.config 

    <authentication mode="Forms">
      <forms loginUrl="~/Login/MainLoginPage.aspx" defaultUrl="/default.aspx" name="LoginAuthCookie" timeout="525600" />
    </authentication>
  <location path="Mobile/Customers/CustomerList.aspx">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>
  <location path="Mobile/Customers/JDE/NoCust.aspx">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>
  <location path="login/mainloginpage.aspx">
    <system.web>
      <!--<pages validateRequest="false" />-->
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>
  <location path="Applications">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

Our testing page still works but our production does not, they have the same web.config pages.

My question is does anyone know why this is happening and how to fix it? I have read up a few of the threads on this website, but they haven't been any help. Let me know if you need more information and thank you in advance for your responses.

2 answers

solution1
 0  2018-06-01 15:08:38

You could add ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072; to Global.asax.cs. 

public class Global : System.Web.HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072;
    }
}

solution2
 0  2018-06-01 15:51:33

I have to support TLS1.2 as my payment processor requires it, I believe all do now. I was dealing with an 12 year old application so I didn't want to possibly introduce issues into the overall application so I inserted one line of code into the relevant page and all is well. That one line is: 

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

This forces the httprequest that follows to connect using TLS1.2. Works for me.

NOTE: I upgraded the entire app (not an issue) to .NET 4.5, earlier versions do not support TLS1.2

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET Forms Authentication failed for the request. Reason: The ticket supplied has expired Jmeter & forms authentication ticket (asp.net) Possible disadvantages of using cookieless forms authentication ticket in Asp.Net asp.net forms authentication ticket tampered but still works ASP.NET forms authentication store user token/ticket cache .NET 2.0 Web App Authentication Failing: “The ticket supplied was invalid” ASP.NET SSL Authentication Ticket Security? What inputs go into encrypting / creating an ASP.NET Forms Authentication Ticket? How can I use RSA to Encrypt/Decrypt ASP.Net Forms Authentication Ticket expiration date in newly created authentication ticket (asp.net forms auth)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM