Invalid value for encryptedTicket parameter

Question

I recently modified the login for my companies eComm site to have a "Keep me logged in" feature. The primary change was to make the forms authentication cookie persistent for these users.

After the change was released I started seeing this exeception in my logs:

Invalid value for 'encryptedTicket' parameter
at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)

The problem seems to be user agent specific. The only user agents the error has been recorded for are:

Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
eTailInsights Tag Identifier/1.0

I have an iPad with the configuration listed above. The first login attempt works. But closing the browser and going back to the site, thus using the persistent cookie, causes the error.

The behavior is also inconsistent across environments. It works fine against my local machine and test server, but fails on production. Which makes it difficult to troubleshoot.

Other versions of iOS/Safari can login fine.

Searching for this error turned up several references to a problem with web forms and newer browser versions. This does not seem consistent with my scenario though. I'm not seeing errors for new browsers and my site is MVC.

I found one question similar to mine, but with no answer.

Anybody know what is happening here?

You should log what the value for "encryptedTicket" is passed to Decrypt method. — Ankur-m, Mar 22 '17 at 05:30

score 10 · Answer 1 · answered Jul 19 '14 at 05:57

10

I have faced same issue this is because I was getting null or empty value of authCookieValue . So my suggestion is that you have to check null for HttpCookie and also for it's value as given below .

HttpCookie authCookie = System.Web.HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            //Extract the forms authentication cookie
            if (!string.IsNullOrEmpty(authCookie.Value))
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                string email = authTicket.UserData;

                // and now process your code as per your condition

            }
        }

This will definately will help you .

answered Jul 19 '14 at 05:57

Dilip Langhanoja

4,455
4
28
37

i just got a deluge of these errors, but my code is virtually the same as yours. – Brad Aug 26 '14 at 02:37
@Brad Hay are you getting authCookie and authCookie.Value is null ?? so you could not getting email from your cookies . – Dilip Langhanoja Aug 26 '14 at 08:25
1

hm, i wasn't doing the second check to make sure the `authCookie.Value` wasn't null. good call, @Dilip0165 – Brad Aug 26 '14 at 12:23
@Brad so if you check in other browser , you will get value . I hope this answer is useful to you. – Dilip Langhanoja Aug 27 '14 at 04:58
@Brad Is my answer is useful to you ? You are not getting value from browser's cookie. – Dilip Langhanoja Aug 30 '14 at 05:53
If authCookie value is null, it will throw Null Reference error. – Ankur-m Mar 22 '17 at 05:20
@Ankur-m Yes, You are right. So Here I have checked authCookie null value condition first. So It will work fine. – Dilip Langhanoja Mar 23 '17 at 06:06

score 4 · Answer 2 · answered Sep 08 '17 at 11:59

4

You might have the same error when the length of the ticket you're trying to deserialize is too long.

answered Sep 08 '17 at 11:59

Oleksandr G

2,060
3
22
31

score 2 · Answer 3 · answered Mar 10 '14 at 22:40

This happens if you pass an invalid string to System.Web.Security.FormsAuthentication.Decrypt. Most commonly its trying to pass in cookieName instead of cookieValue.

The following is the way to get the ASPXAUTH cookie value + info:

string authCookieValue = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName].Value;
var cookieInfo = System.Web.Security.FormsAuthentication.Decrypt(authCookieValue);

score 1 · Answer 4 · answered Aug 27 '15 at 14:08

What I found out is that for some reason the cookie can get an inconsistent value. For us it was only some users, in some situations.

Better than raising an error i just propose to log the user out in case of the argumentexception. It doesn't explain the "why", is not completely satisfying (in some ways the "remember me" won't work for some users...) but at least it may keep a normal behavior for the user.

In global.asax:

 protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

        if (authCookie != null)
        {
            try
            {
                var authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                //...
                //setting user properties with cookie...
                //...
            }
            catch (ArgumentException ex)
            {
                FormsAuthentication.SignOut();
                Response.Redirect("/");
            }
        }
    }

Not even sure the redirect is needed (would have to check).

Hope this helps

Invalid value for encryptedTicket parameter

4 Answers4

Linked