Skip to main content

FormsAuthentication.Encrypt returns null

There are several reason that the FormsAuthentication.Encrypt() returns null:

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1, // version
                        identity.Name, // Name
                        DateTime.Now, // issue date,
                        DateTime.Now.AddDays(1), // expiration date, created above
                        false, // persistent or not
                        jsSerializer.Serialize(identity) // User data
            );
             string encryptedTicket = FormsAuthentication.Encrypt(ticket);

  1. The Name property of the FormsAuthenticationTicket is null. 
  2. The UserData propery of the FormsAuthenticationTicket is null 
  3. The total length of the UserData is over 4K.

Comments

Post a Comment

Popular posts from this blog

X509Certificate2: The system cannot find the file specified.

When I use the new X509Certificate2(fileName, password, X509KeyStorageFlags.DefaultKeySet) to create certificate from certificate file containing private key in my web application, I got following error message: System . Security . Cryptography . CryptographicException : The system cannot find the file specified . at System . Security . Cryptography . CryptographicException . ThrowCryptogaphicException ( Int32 hr ) at System . Security . Cryptography . X509Certificates . X509Utils . _LoadCertFromBlob ( Byte [] rawData , IntPtr password , UInt32 dwFlags , Boolean persistKeySet , SafeCertContextHandle & pCertCtx ) at System . Security . Cryptography . X509Certificates . X509Certificate . LoadCertificateFromBlob ( Byte [] rawData , Object password , X509KeyStorageFlags keyStorageFlags ) at System . Security . Cryptography . X509Certificates . X509Certificate2 .. ctor ( Byte [] rawData , String password , X509KeyStorageFlags keyStorageFlags ) In orde...
10 comments
Read more

Forms authentication ReturnUrl strange behavior and fix

When working with .NET forms authentication, I have found a strange behavior: For example, we have a web site using form based authentication. There are only two pages in the site: login.aspx and default.aspx. Default.aspx is the protected page. Without login to the site, if you type directly the URL to the default.aspx page with ReturnUrl as QueryString like this: http://localhost/YourWebApp/Default.aspx?ReturnUrl=Default.aspx Instead of redirect you to the login.aspx page, you will directly get http unauthorized error (401.2). However, if you remove the ReturnUrl query string or change it to something else, you will get expected behavior: redirect to login.aspx page. It seems .NET has some special treatment to ReturnUrl parameter. In order to fix this, we need to intercept the 401 response before it sends to client and redirect user to login.aspx page. In global.asax page, we need to add this event handler:         protected void Applica...
Post a Comment
Read more

Manage IIS 7 remotely using PowerShell and AppCmd

We can use  Windows PowerShell remoting features  to manage IIS 7 websites remotely.  Currently, remoting is supported on Windows Vista with Service Pack 1 or later, Windows 7, Windows Server 2008, and Windows Server 2008 Release 2.  Start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut and selecting Run As Administrator .  Enable PowerShell Remoting with Enable-PSRemoting -Force Starting a Remote Session using:  Enter-PSSession -ComputerName <COMPUTER> -Credential <USER> Now the PowerShell connected to the remote server. Any commands issued with work against the remote server. We can use the Appcmd.exe command line tool to manage remote server just as what we do locally. For example, to add an application pool: c:\windows\system32\inetsrv\appcmd add apppool /name:"Contoso" /managedPipelineMode:Integrated /managedRuntimeVersion:"v4.0" /enable32BitAppOnWin64:true To change application p...
Post a Comment
Read more