It literally makes me bananas - I'm on vacation like tomorrow, but if I can't work today, it's at risk - so any help is greatly appreciated!
First, my site has a manually defined <machineKey /> element, defined so that both web servers in the web farm are kept in sync. I checked this in IIS Manager (so I ask despite this being similar to so many other questions). It looks like this (the keys have been omitted, but they are the correct length):
    <machineKey validationKey="[512-bit hex]"
                decryptionKey="[256-bit hex]"
                validation="SHA1"
                decryption="AES" />
The website runs ASP.NET MVC3, and I use authentication in normal mode (that is, not in compatibility mode). I use Forms authentication to create an authentication ticket, using the following code:
    FormsAuthentication.SetAuthCookie(userName, false);
My Forms Auth config is very simple; there are no IIS or server settings that override the documented defaults:
    <authentication mode="Forms">
      <forms defaultUrl="~/Unauthorised"
             loginUrl="~/Unauthorised"
             ticketCompatibilityMode="Framework40" />
    </authentication>
I then took the cookie-reading functions from this MSDN topic so that I can create the principal and identity that I want.
The problem is that only one half of the web farm can decrypt the authentication cookie; the other half (i.e., whichever server did not authenticate the user) simply gives:
    System.Security.Cryptography.CryptographicException: Length of the data to decrypt is invalid.
The top of the stack trace:
    [CryptographicException: Length of the data to decrypt is invalid.]
       System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +12521039
       System.Security.Cryptography.CryptoStream.FlushFinalBlock() +53
       System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType) +331
       System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) +293
We use a slightly old (but very reliable) load balancer that does not alter HTTP traffic, and the traffic in this case is plain HTTP; I can verify that it is always one server, and not both, by using Fiddler to decrypt and verify the traffic.
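One way to pin down which node's effective machineKey differs is a cross-node round trip: issue a throw-away ticket on one server, paste it into the other, and compare what each node reports about its effective configuration. The diagnostic controller below is an added example, not code from the question; the controller name, route and admin role are assumptions, and it prints key lengths and algorithm names only, never key material.

```csharp
using System;
using System.Web.Configuration;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical diagnostic controller (not part of the original post). Deploy it to
// both farm nodes, call each node directly (bypassing the load balancer), and feed
// the ticket from one node's Issue action into the other node's Check action.
// Restrict it to administrators and remove it once the mismatch is resolved.
[Authorize(Roles = "Administrators")]
public class KeyCheckController : Controller
{
    // GET /KeyCheck/Issue : encrypt a short-lived ticket with this node's machineKey.
    public ActionResult Issue()
    {
        var ticket = new FormsAuthenticationTicket(
            2, "keycheck", DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5),
            false, "diagnostic", FormsAuthentication.FormsCookiePath);
        return Content(FormsAuthentication.Encrypt(ticket), "text/plain");
    }

    // GET /KeyCheck/Check?t=<hex string returned by Issue on the OTHER node>
    public ActionResult Check(string t)
    {
        if (string.IsNullOrEmpty(t)) return new HttpStatusCodeResult(400);
        string result;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(t);
            result = ticket == null ? "FAILED: Decrypt returned null"
                                    : "OK: ticket for '" + ticket.Name + "'";
        }
        catch (Exception ex) // the cross-node case throws CryptographicException
        {
            result = "FAILED: " + ex.GetType().Name + ": " + ex.Message;
        }
        return Content(Environment.MachineName + " -> " + result + "\r\n" + Effective(), "text/plain");
    }

    // Effective (possibly IIS-overridden) settings that must match on every node.
    // Only lengths and algorithm names are reported, so the keys never leave the box.
    private static string Effective()
    {
        var mk = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");
        return string.Format(
            "validation={0} decryption={1} validationKey={2} chars decryptionKey={3} chars ticketMode={4}",
            mk.Validation, mk.Decryption, mk.ValidationKey.Length, mk.DecryptionKey.Length,
            FormsAuthentication.TicketCompatibilityMode);
    }
}
```

If the Effective() lines differ between nodes, or a ticket issued by one node fails on the other while each node can decrypt its own, the web.config machineKey is being overridden somewhere in the IIS hierarchy on that node.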