Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

An ASP.NET forms authentication request that is sent to server in a web farm may fail


View products that this article applies to.

Summary

The security update that security bulletin MS11-100 addresses changes the format of forms authentication tickets in a way that is incompatible with the older version of forms authentication tickets. If you have a web farm where some servers are updated and other servers are not updated, some servers will generate a forms authentication ticket that is incompatible on other servers. 

↑ Back to the top


Symptoms

ASP.NET forms authentication requests that are sent to a server in a web farm may fail even though its credentials are valid. The Application log on the server has an Information entry with a Source that is a specific version of ASP.NET and an Event ID of 1315. The log contains a message that resembles the following: 

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.


↑ Back to the top


Resolution

To address this issue, please make sure that all computers in the web farm are updated. For more information about deployment guidance for MS11-100, click the following article number to view the article in the Microsoft Knowledge Base:
2659968 Deployment guidance for security update 2638420, as described in MS11-100

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2638420 MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011



For more information, visit the following Microsoft TechNet webpage to view the security bulletin MS11-100:

↑ Back to the top


Applies to:

↑ Back to the top

Keywords: kbsurveynew, kbsecreview, kbsecvulnerability, kbsecurity, kbsecbulletin, atdownload, kblangall, kbfix, kbexpertiseinter, kbbug, kb, kbmustloc

↑ Back to the top

Article Info
Article ID : 2661404
Revision : 1
Created on : 1/7/2017
Published on : 12/31/2011
Exists online : False
Views : 318