I have a web application that uses Forms Authentication. The application is MVC and also has a section for requests from our Mobile application. The mobile application for a client was unused for a while and came back and now I see this logged in event view:
Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
I'm also logging cookies in IIS and see that ASPXAUTH looks right and that comes in on the first request. Then, at the Authorize attribute it redirects to login page and generates that error message.
The problem I have is we cannot have the client re-authenticate through log in on mobile app as that will cause data loss which is not an option in our case.
So my question is, is there a way to identify why it is invalid. Such as, expired token, invalid token, etc? I'm asking because I have researched and there are different ways to approach this depending on which reason. Such as machine key issues, etc...
Other details: Machine Key on IIS: Automatically generates at runtime, and unique by application. AutoGenerate, IsolateApps is entered for both validation and decryption.
FormsAuthenticationTicket expiration is set to int.MaxValue when it was originally generated.
It is very difficult to reproduce. I wasn't originally able to reproduce this for a while. Last night it seemingly at random happened, so now I have a mobile app that is stuck getting this invalid ticket error to test with.
I have looked at this post: ASP.NET Forms Authentication failed for the request. Reason: The ticket supplied has expired
Any help is appreciated. Thanks,
