Forms Authentication Fails Between ASP.NET 1.0 and 1.1 Applications (Cookie Decryption Fails)

Discussion in 'ASP .Net' started by John Saunders, Nov 13, 2003.

  1. I have an existing ASP.NET 1.0 application at the root of a web site. There
    is another 1.0 application in a virtual directory under the root. Forms
    Authentication works fine between the two.

    When the script maps in the sub-application are changed to use ASP.NET 1.1,
    Forms Authentication breaks. In particular, the Forms Authentication cookie
    no longer decrypts, so that the AuthenticateRequest handler finds
    Request.IsAuthenticated == false. No other changes are made to the
    sub-application, which was not recompiled for Framework 1.1, and resetting
    the script maps to use ASP.NET 1.0 restores full functionality.

    Setting both the root application and the sub-application to use ASP.NET 1.1
    also allows the cookie to be decrypted properly.

    Both applications have an explicit <machineKey> element in their web.config

    We are not ready to upgrade all of our applications to use ASP.NET 1.1. Does
    anyone have a solution for this, or any ideas of where I should go from

    John Saunders
    John Saunders, Nov 13, 2003
    1. Advertisements

  2. Wow! No clues anyone? Can anyone else reproduce this?
    John Saunders, Nov 18, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.