What inputs go into encrypting / creating an ASP.NET Forms Authentication Ticket?
https://stackoverflow.com/questions/6362754
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
Everything I read points to the MachineKey element in the web.config file being the only thing that determines the encrypted ticket value, but I have a lot of evidence to contradict that at the moment.
So my question is: what can make the ticket encryption value (particularly the length) different, given that the machine key and the data inside the ticket is identical?
EDIT
We are seeing the changes in the value as a result of timestamps. However in one of the environments the created values themselves are much shorter. Two of the sites (.NET 4, MVC2/3) cope with it just fine. A .NET 2.0 / WebForms site, however, can't decrypt it with the same machine key.
Solução 2
So, while the MachineKey and encryption algorithm do decide the encrypted value produced, we have confirmed that there are definitely patches that can affect machine key encryption / decription.
This became evident when half of our web farm was patched, which produced encrypted tickets of different lengths than the others. It was a large set of patches, so we were unable to determine the exact patch that caused the different behavior.
So...if anyone else experiences this very strange behavior, make sure you compare the patches and hotfixes applied to each server when troubleshooting.
Outras dicas
MachineKey determines how it is encrypted/decrypted. The contents include a timestamp so even if you put in the same data, that would explain the different encrypted values.
