Recently I experienced a strange problem with custom login functionality based on the Forms Authentication method. The visible issue is that sometimes I log in to my application successfully and sometimes I can't. In all cases the same login details are used. When I reviewed the Event Log I found the following error:
Event viewer error:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 30/08/2006 15:43:33
Event time (UTC): 30/08/2006 12:43:33
Event ID: 8bffe75e7ff344c78fe1af8c1124e217
Event sequence: 894
Event occurrence: 388
Event detail code: 50201
Below you can find a short explanation and a solution that prevents this behaviour.
The application uses the “machineKey” definition to generate the authentication cookie. If the “machineKey” properties are not initialized in the web.config file, the application uses different values on different servers. So when you have logged in on server X and then try to log in on server Y, the request may carry the cookie from server X, which was generated with values different from the ones server Y uses. Server Y treats that ticket as invalid and you cannot log in.
Therefore the “machineKey” properties must always be defined for applications that are moved from server to server. Here is an example of a “machineKey” definition:
You can generate it by using this .exe file: http://omar.mvps.org/pics/SecurityKey.exe
Here is how you can run it: SecurityKey.exe 24 64
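One way to produce the keys locally and to confirm that every server carries the same explicit definition, as an added example that is not code from the original post. It assumes the two `SecurityKey.exe` arguments are the decryption and validation key lengths in bytes; the function names, server names and sample web.config text are constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

def make_machine_key(decryption_bytes=24, validation_bytes=64,
                     validation="HMACSHA256", decryption="AES"):
    """Render a <machineKey> element with keys from the OS CSPRNG.
    24/64 mirror 'SecurityKey.exe 24 64' (assumed to be lengths in bytes).
    ASP.NET 2.0/3.5 predates HMACSHA256; pass validation="SHA1" there."""
    return ('<machineKey validationKey="%s" decryptionKey="%s" '
            'validation="%s" decryption="%s" />' % (
                secrets.token_hex(validation_bytes).upper(),
                secrets.token_hex(decryption_bytes).upper(),
                validation, decryption))

def machine_key_of(web_config_xml):
    """Return the machineKey attributes of one web.config, or None.
    Matching on the local tag name also handles files that declare an
    xmlns on <configuration>."""
    root = ET.fromstring(web_config_xml)
    node = next((n for n in root.iter()
                 if n.tag.split("}")[-1] == "machineKey"), None)
    return None if node is None else dict(node.attrib)

def check_farm(configs):
    """configs: {server name: web.config text}. Returns a list of findings;
    an empty list means every server uses the same explicit keys."""
    findings, seen = [], {}
    for server, xml_text in sorted(configs.items()):
        key = machine_key_of(xml_text)
        if key is None:
            findings.append("%s: no <machineKey>, keys are auto-generated" % server)
        elif any("AutoGenerate" in key.get(attr, "AutoGenerate")
                 for attr in ("validationKey", "decryptionKey")):
            findings.append("%s: AutoGenerate key, differs per server" % server)
        else:
            seen[server] = tuple(sorted(key.items()))
    if len(set(seen.values())) > 1:
        findings.append("explicit keys differ between: " + ", ".join(sorted(seen)))
    return findings

def wrap(element):
    """Constructed minimal web.config around one element (sample input)."""
    return "<configuration><system.web>%s</system.web></configuration>" % element

if __name__ == "__main__":
    shared = make_machine_key()
    print(shared)  # paste the same element into web.config on every server
    print(check_farm({"serverX": wrap(shared), "serverY": wrap("")}))
```

Generate the element once and deploy that same element to every server; running the generator separately on each machine reproduces the mismatch described above.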
You can read more about this problem and its solution in the following article: http://msmvps.com/blogs/omar/archive/2006/08/20/108307.aspx