28

I am getting this error many times in the event log and users are logged out.

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 3/10/2011 3:35:22 PM
Event time (UTC): 3/10/2011 8:35:22 PM
Event ID: fc2f70cc85014b0ca7dbb01471617b66
Event sequence: 3392
Event occurrence: 1
Event detail code: 50202

Thoughts:

  • I am not using web forms.
  • I do not think the app pool is recycling.
  • I compared the Process ID in several events and it is equal.
  • My machine key is not AutoGenerate.
Zanon
  • 29,231
  • 20
  • 113
  • 126
Amr
  • 301
  • 1
  • 3
  • 3
  • 1
    i recognize the babble as asp.net and have fixed the tags. – x0n Mar 10 '11 at 22:22
  • did you ever find a solution to this one? – AMember Oct 10 '13 at 15:56
  • 1
    Related questions: [Forms authentication failed for the request. Reason: The ticket supplied has expired](http://stackoverflow.com/questions/2686324/forms-authentication-failed-for-the-request-reason-the-ticket-supplied-has-exp) and [Error 4005 Forms authentication failed - ticket supplied has expired](http://stackoverflow.com/questions/284709/error-4005-forms-authentication-failed-ticket-supplied-has-expired) – Owen Blacker Mar 10 '14 at 11:49
  • did you tried any solution? – Kiquenet Jul 21 '16 at 15:18

5 Answers5

8

AS Scott mentioned here http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx After windows installed security update for .net framework, you will meet this problem. just modify the configuration section in your web.config file and switch to a different cookie name.

zhouruifu
  • 179
  • 3
  • 1
  • I changed the cookie name...and it fixed my issue. – contactmatt Jan 01 '14 at 19:14
  • @contactmatt Many user complied me about they are getting logged out very quickly before authentication timeout which is set to 30 minutes. I have checked event log and found that application pool is not getting recycled but have error you mentioned in question multiple times. My server administrator recently installed updates and it includes update related to what is mentioned in this answer. Can you let me know do you have problem with only those users who are using persistent cookie or all users facing problem because we do not have persistent forms authentication option. – Sandeep May 13 '16 at 04:09
  • For me this was the solution. For the ones who wonders how to set the cookie name see the answer here https://stackoverflow.com/a/6661964/2135719 – gvdm Jan 29 '19 at 09:02
6

Sounds like an error you would get when your forms authentication ticket has expired. What is the timeout period for your ticket? Is it set to sliding or absolute expiration?

I believe the default for the timeout is 20 minutes with sliding expiration so if a user gets authenticated and at some point doesn't hit your site for 20 minutes their ticket would be expired. If it is set to absolute expiration it will expire X number of minutes after it was issued where X is your timeout setting.

You can set the timeout and expiration policy (e.g. sliding, absolute) in your web/machine.config under /configuration/system.web/authentication/forms

Liam
  • 27,717
  • 28
  • 128
  • 190
Dustin Hodges
  • 4,110
  • 3
  • 26
  • 41
4

Here is a good article from Microsoft http://www.iis.net/learn/troubleshoot/security-issues/troubleshooting-forms-authentication that covers various cases and scenarios.

David d C e Freitas
  • 7,481
  • 4
  • 58
  • 67
2

I've had the same issue after using a web.config from another machine. The problem was related with an invalid MachineKey. To solve the problem, I modified the web.config to use the correct MachineKey of my server.

This MSDN blog post shows how to generate a MachineKey.

CDspace
  • 2,639
  • 18
  • 30
  • 36
Zanon
  • 29,231
  • 20
  • 113
  • 126
2

I was getting this same error, in our case it was caused by a load balancer. We hade to make sure that the persistance was set to Source IP. Otherwise the login form was opened by one server, and processed by the other, which would fail to set the authentication cookie correctly. Maybe this helps someone else

Allie
  • 1,081
  • 1
  • 13
  • 17