Forms Authentication Fails Between ASP.NET 1.0 and 1.1 Applications (Cookie Decryption Fails)

Discussion in 'ASP .Net' started by John Saunders, Nov 13, 2003.

  1. I have an existing ASP.NET 1.0 application at the root of a web site. There
    is another 1.0 application in a virtual directory under the root. Forms
    Authentication works fine between the two.

    When the script maps in the sub-application are changed to use ASP.NET 1.1,
    Forms Authentication breaks. In particular, the Forms Authentication cookie
    no longer decrypts, so that the AuthenticateRequest handler finds
    Request.IsAuthenticated == false. No other changes are made to the
    sub-application, which was not recompiled for Framework 1.1, and resetting
    the script maps to use ASP.NET 1.0 restores full functionality.

    Setting both the root application and the sub-application to use ASP.NET 1.1
    also allows the cookie to be decrypted properly.

    Both applications have an explicit <machineKey> element in their web.config
    files.

    We are not ready to upgrade all of our applications to use ASP.NET 1.1. Does
    anyone have a solution for this, or any ideas of where I should go from
    here?

    Thanks,
    John Saunders
    John Saunders, Nov 13, 2003
    #1
    1. Advertising

  2. Wow! No clues anyone? Can anyone else reproduce this?

    --
    John


    "John Saunders" <john.saunders at surfcontrol.com> wrote in message
    news:...
    > I have an existing ASP.NET 1.0 application at the root of a web site.

    There
    > is another 1.0 application in a virtual directory under the root. Forms
    > Authentication works fine between the two.
    >
    > When the script maps in the sub-application are changed to use ASP.NET

    1.1,
    > Forms Authentication breaks. In particular, the Forms Authentication

    cookie
    > no longer decrypts, so that the AuthenticateRequest handler finds
    > Request.IsAuthenticated == false. No other changes are made to the
    > sub-application, which was not recompiled for Framework 1.1, and resetting
    > the script maps to use ASP.NET 1.0 restores full functionality.
    >
    > Setting both the root application and the sub-application to use ASP.NET

    1.1
    > also allows the cookie to be decrypted properly.
    >
    > Both applications have an explicit <machineKey> element in their

    web.config
    > files.
    >
    > We are not ready to upgrade all of our applications to use ASP.NET 1.1.

    Does
    > anyone have a solution for this, or any ideas of where I should go from
    > here?
    >
    > Thanks,
    > John Saunders
    >
    >
    >
    >
    John Saunders, Nov 18, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harold Crump
    Replies:
    1
    Views:
    487
    =?Utf-8?B?RWx0b24gVw==?=
    Sep 30, 2005
  2. Replies:
    1
    Views:
    679
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Jan 30, 2007
  3. jacob
    Replies:
    0
    Views:
    95
    jacob
    Apr 1, 2004
  4. rgouge

    Forms Authentication and Authentication Cookie

    rgouge, Jun 20, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    218
    Dominick Baier [DevelopMentor]
    Jun 20, 2005
  5. Eric
    Replies:
    2
    Views:
    450
Loading...

Share This Page