Wednesday 14 April 2010

ASP.NET Forms Authentication:Padding is Invalid and can not be removed Error.

I was getting this error using

FormsAuthenticationTicket ticket =

FormsAuthentication.Decrypt(authCookie.Value);

.I was trying Forms authentication to pass encrypted ticket between two web applications.I left out section with following configurations:

<machineKey

validationKey="AutoGenerate,IsolateApps"

decryptionKey="AutoGenerate,IsolateApps"

validation="AES"

decryption="Auto" />

This configuration means to create different key for each web applications thus it failed as

encrypted key was not same in two web applications.

so how to get same key for forms authentication. I resolved this issue by setting static values in section in both web.config files.

<machineKey validationKey='B5D752F96C1196D2A98014A3EF96F35192183FA47D467ACF0969F3687EC3C6BA3A959CD85BD3C282F2390B220ACD742568A8BC36BDBFBF9306ED807E6B090D56' decryptionKey='4BE38697FCD33A2C61D8FC93754FA668CEE4B5467B6B81F6' validation='SHA1'/>

Validation and decryption were generated using online machinekey generator tool.