Return to doc.sitecore.com

  [FIXED] Unhandled exception after applying security update KB2416473

Note: This known issue was fixed in 6.2 rev. 101105 (Update-5), 6.3 rev. 101022 (Update-3), and 6.4 rev. 101124 (Update-1).

Reference number: 334587

Date published: October 01, 2010  

Description:
After installing an update from Microsoft that addresses the ASP.NET security issue described in Microsoft Security Advisory (2416728), Sitecore CMS may be throwing unhandled “HttpException: Unable to validate data” errors when previously authenticated users are trying to access the application.

This is caused by Sitecore CMS trying to authenticate a user using the ASP.NET authentication cookies that may still be contained in the web browser, but are no longer considered valid by ASP.NET. 

Workaround:

  1. Copy the Sitecore.Support.334587.dll file to the "/bin" folder of your solution.
  2. In the web.config file, replace the line

    <add name="forms" type="Sitecore.Security.Authentication.FormsAuthenticationProvider, Sitecore.Kernel" />

    with

    <add name="forms" type="Sitecore.Support.Security.Authentication.FormsAuthenticationProvider, Sitecore.Support.334587"/>