FormsAuthentication & ASP.NET 2.0

Discussion in 'ASP.NET 2.0' started by sam.arjmandi, Jan 3, 2008.

  1. In many scenarios you may find the ASP.NET 2.0 membership and role management provider useless and you decide to implement your own role management and membership logic and interfaces. To do so you need to employ the global.asax OnAuthentication event.

    So in your login logic you can create the authentication ticket:

        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        // Create a cookie and add the encrypted ticket to the cookie as data.
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

        // Add the cookie to the outgoing cookies collection.
        Response.Cookies.Add(authCookie);

        // Redirect the user to the originally requested page

    And then in your global.asax you would have code like:

        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = Context.Request.Cookies[cookieName];

        FormsAuthenticationTicket authTicket = null;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception ex)
        {
            // handle the error
            // I log the errors in log file.
        }


    Everything works well on my local server, so there are no error logs when FormsAuthentication tries to decrypt the cookie string.
    But when I deploy the project to the DiscountASP host, every now and then users get the following error and are kicked out of the system, so they need to sign back in!


    Padding is invalid and cannot be removed.
    Source: mscorlib
    at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
    at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
    at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
    at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
    at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
    at ASP.global_asax.FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs args)

    I highlighted a red line in the bug trace where I think the problem comes from. Has anybody experienced something like this before?
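
A defensive version of the `FormsAuthentication_OnAuthenticate` handler described in the post above, as an added example that is not the poster's code. It treats an undecryptable cookie as an anonymous request and clears it. The `Global` class name and the comma-separated roles in `UserData` are assumptions.

```csharp
// Added example (not from the original post). Global.asax code-behind.
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication   // class name is an assumption
{
    protected void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
    {
        HttpCookie authCookie = args.Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            return; // anonymous request: nothing to decrypt

        FormsAuthenticationTicket ticket = null;
        try
        {
            // Decrypt goes through the application's machineKey settings
            // (MachineKeySection in the trace above). A cookie that was truncated,
            // tampered with, or encrypted under a different key fails here.
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (CryptographicException) { /* log: padding or decryption failure */ }
        catch (ArgumentException) { /* log: malformed ticket string */ }
        catch (HttpException) { /* log: validation failure */ }

        if (ticket == null || ticket.Expired)
        {
            // Drop the unusable cookie so it is not re-sent (and re-logged) on
            // every request; the user is treated as anonymous and sent to login.
            FormsAuthentication.SignOut();
            return;
        }

        // Assumption: the login code stored the user's roles, comma-separated,
        // in the ticket's UserData field.
        string[] roles = ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        args.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```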
     
  2. Bruce

    Bruce DiscountASP.NET Staff
