Decryption, cookies - "Bad Data" -- dotnet security

Jose
6/28/2005 8:59:30 AM

Hello all,

We have just moved an application from one server to another. The site
has a "remember me" option whereby the user is not required to enter in
any credentials instead they are read from a cookie.

We have been getting some strange errors:

Error Message: "Bad Data".
Error Stack Trace: at
System.Security.Cryptography.CryptoAPITransform._DecryptData(IntPtr
hKey, Byte[] rgb, Int32 ib, Int32 cb, Boolean fDone)

How is the "decryption key" produced - is it possible that it is
related to the server in the same way that ViewState is tied to the
particular server it came from? Please note that this is my attempt to
explain this error.

Thanks in advance,
Jose

Paul Glavich [MVP ASP.NET]
6/30/2005 12:00:00 AM

Are you now saying that you have your app loaded on 2 servers? (ie. a web
farm). The encryoted auth ticket by default is tied to a particular machine.
The machine.config is set to autogenerate a valid key for the symetric
encryptin/decryption for each application on the system. If you are spanning
multiple servers, you need to edit the machine.config on both servers and
replace the "AutoGenerate, IsolateApp" with a static value that is the same
across the severs.

--
- Paul Glavich
MVP ASP.NET
http://weblogs.asp.net/pglavich
ASPInsiders member - http://www.aspinsiders.com

[quoted text, click to view]

dotnet security : Decryption, cookies - "Bad Data"