ASP.NET Single Sign-on issues

0
votes

I have 2 websites (.net2 web-forms and the other one is .net4 mvc3) which are configured for the ASP.NET Single Sign-on feature. The web.config's machineKey element has the same attributes in both websites:

  • validationKey="some key"
  • decryptionKey="some key"
  • validation="SHA1"
  • decryption="AES"

Both websites share the same domain. web.config authentication -> forms has the same "name" attribute which is the name of the authentication cookie. Single sign-on doesn't work for me, websites simply overwrite each other's cookie with a different value.

This is on the live server. On staging exact same code is working fine and I'm having the single sign-on there.

I already spent a day on the issue, I think I checked everything I could and I'm almost sure it's not the code, but rather something with the server. Please help with your ideas and suggestions.

1
asp.netauthentication

1 Answers

1
votes

I finally got it working after converting .NET2 ASP.NET WebForms website into .NET4. No any changes other than the default Visual Studio 2010 conversion wizard changes in the web.config were made. Which means that despite having all the machineKey attributes matching the authentication cookie decryption implementation is somewhat different in .NET2 and .NET4.

I hope this will help someone else.