SyntaxFix

[asp.net] ASP.NET Forms Authentication failed for the request. Reason: The ticket supplied has expired

I am getting this error many times in the event log and users are logged out.

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 3/10/2011 3:35:22 PM
Event time (UTC): 3/10/2011 8:35:22 PM
Event ID: fc2f70cc85014b0ca7dbb01471617b66
Event sequence: 3392
Event occurrence: 1
Event detail code: 50202

Thoughts:

  • I am not using web forms.
  • I do not think the app pool is recycling.
  • I compared the Process ID in several events and it is equal.
  • My machine key is not AutoGenerate.

This question is related to asp.net .net authentication forms-authentication

The answer is

Sounds like an error you would get when your forms authentication ticket has expired. What is the timeout period for your ticket? Is it set to sliding or absolute expiration?

I believe the default for the timeout is 20 minutes with sliding expiration so if a user gets authenticated and at some point doesn't hit your site for 20 minutes their ticket would be expired. If it is set to absolute expiration it will expire X number of minutes after it was issued where X is your timeout setting.

You can set the timeout and expiration policy (e.g. sliding, absolute) in your web/machine.config under /configuration/system.web/authentication/forms

AS Scott mentioned here http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx After windows installed security update for .net framework, you will meet this problem. just modify the configuration section in your web.config file and switch to a different cookie name.

I was getting this same error, in our case it was caused by a load balancer. We hade to make sure that the persistance was set to Source IP. Otherwise the login form was opened by one server, and processed by the other, which would fail to set the authentication cookie correctly. Maybe this helps someone else

I've had the same issue after using a web.config from another machine. The problem was related with an invalid MachineKey. To solve the problem, I modified the web.config to use the correct MachineKey of my server.

This MSDN blog post shows how to generate a MachineKey.

Here is a good article from Microsoft http://www.iis.net/learn/troubleshoot/security-issues/troubleshooting-forms-authentication that covers various cases and scenarios.

Source: Stackoverflow.com

Examples related to asp.net

RegisterStartupScript from code behind not working when Update Panel is used You must add a reference to assembly 'netstandard, Version=2.0.0.0 No authenticationScheme was specified, and there was no DefaultChallengeScheme found with default authentification and custom authorization How to use log4net in Asp.net core 2.0 Visual Studio 2017 error: Unable to start program, An operation is not legal in the current state How to create roles in ASP.NET Core and assign them to users? How to handle Uncaught (in promise) DOMException: The play() request was interrupted by a call to pause() ASP.NET Core Web API Authentication Could not load file or assembly 'CrystalDecisions.ReportAppServer.CommLayer, Version=13.0.2000.0 WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for jquery

Examples related to .net

You must add a reference to assembly 'netstandard, Version=2.0.0.0 How to use Bootstrap 4 in ASP.NET Core No authenticationScheme was specified, and there was no DefaultChallengeScheme found with default authentification and custom authorization .net Core 2.0 - Package was restored using .NetFramework 4.6.1 instead of target framework .netCore 2.0. The package may not be fully compatible Update .NET web service to use TLS 1.2 EF Core add-migration Build Failed What is the difference between .NET Core and .NET Standard Class Library project types? Visual Studio 2017 - Could not load file or assembly 'System.Runtime, Version=4.1.0.0' or one of its dependencies Nuget connection attempt failed "Unable to load the service index for source" Token based authentication in Web API without any user interface

Examples related to authentication

Set cookies for cross origin requests How Spring Security Filter Chain works What are the main differences between JWT and OAuth authentication? http post - how to send Authorization header? ASP.NET Core Web API Authentication Token based authentication in Web API without any user interface Custom Authentication in ASP.Net-Core Basic Authentication Using JavaScript Adding ASP.NET MVC5 Identity Authentication to an existing project LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Examples related to forms-authentication

How to get the cookie value in asp.net website How to check user is "logged in"? ASP.NET Forms Authentication failed for the request. Reason: The ticket supplied has expired ASP.NET MVC - Set custom IIdentity or IPrincipal Why is <deny users="?" /> included in the following example? FormsAuthentication.SignOut() does not log the user out How to get the current user in ASP.NET MVC

Tags

Textcolor Image-uploading Uclinux Tidy New-operator Relate Pixelformat Clos User-inactivity Minidumpwritedump Profile-provider Dereference Header-files Errorformat Freetype Setstring Light Hyperjaxb Mars Extra Text-compression Struts-validation Session-timeout Vbe Amazon-s3 Branding Ram Scada Ido-mode Testcomplete Pex Bea Custom-server-controls Outlook-form Turbine Minimum Rowdeleting Author Fatal-error Dynamic-html Automatic-properties Vinstance Asynccontroller Hdfs Systemtap playframework-2-0 Satellite Stackless Vici Rosetta-code String-algorithm Imagelibrary Git-fetch Rhino-tools Die Expandometaclass Tombstoning Human-readable Shtml User-experience Mindmapping Entity-framework-4 Generator-expression Sprite Model-checking Boost-variant Ondrawitem Json.net Log4php After-save Fail-fast Tmp Filtered-index Receive-location Entity-framework-designer System.data Database-optimization Hmvc Hardware-acceleration Dot Eventargs Svnbridge Strace Formpanel Jmenuitem Css-reset Car-analogy Wm-command Iterator Common-files Tile Simile Ccr Between Delimited Motordriver String-externalization System-identification Bcc Procmon