3

Single-Sign-On between a 4.0 framework application and a 2.0 framework application seems to be broken.

I have an old application built on asp.net framework 2.0 and a new application built on asp.net framework 4.0 and I am attempting to configure SSO between the two.

I have done all the proper configuration of setting up the same machine key with identical validationKey, decryptionKey, validation, and decryption attributes as well as identical authentication name, domain, protection, and path attributes.

Strangely, this configuration works fine on my local development machine:

  • Windows 7 Ultimate (Service Pack 1)
  • 2.0 app running in app pool set to v2.0 Integrated
  • 4.0 app running in app pool set to v4.0 Integrated

However, in the deployment server windows event log, I get "Forms authentication failed for the request. Reason: The ticket supplied was invalid.":

  • Windows Server 2008 R2 Standard (Service Pack 1)
  • 2.0 app running in app pool set to v2.0 Integrated
  • 4.0 app running in app pool set to v4.0 Integrated

I have checked, re-checked, and re-re-checked the machine key and authentication configuration on the deployment machine so I know for sure that this is not the issue.

Also, just for the sake of argument, on the deployment server, I even tried setting both applications' forms protection="None" just to see if encryption was the issue and the result is still the same.

Also, on the deployment server, all other v2.0 applications configured with the same SSO settings have no issue. Even those running in different application pools. In short, v2.0 to v2.0 works while v4.0 to v2.0 pukes.

Any suggestions?

chris
  • This question may provide you some insight: http://stackoverflow.com/questions/8361323/net-2-0-web-app-authentication-failing-the-ticket-supplied-was-invalid – mclark1129 Aug 28 '12 at 17:36
  • Thanks. It worked if I only added the v4.0 key to my v4.0 application Web.config file. When I tried including the v2.0 configuration change it was still broken, so I tried just the v4.0 config and success. Much appreciated @Mike-C! – chris Aug 28 '12 at 18:31
  • Glad to know it helped. I added my comment as a full response so that the question can be answered and closed. – mclark1129 Aug 28 '12 at 18:47

3 Answers

3

After several days of desperation this worked: in the 4.0 web.config configuration tag

<appSettings>
    <add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
    <add key="aspnet:UseLegacyEncryption" value="true" />
    <add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />
</appSettings>
Zoltan Toth
tonymayoral
0

Please see the answer to this question for tips on how to manage encryption between legacy web applications.

Community
mclark1129
0

If adding these appSetting keys doesn't work then try adjusting the Compatibility Mode of the MachineKey element, especially if one of your applications targets .NET 4.5:

http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx

Matt Burrell
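An added example, not posted by anyone in this thread: a Python check that compares the shared `machineKey` and `forms` attributes named in the question across two Web.config files, and reports which of the legacy switches from the first answer, and which `compatibilityMode` from the last answer, the 4.0 application has turned on, so that only the ones actually needed stay enabled. The two sample configs and their key values are constructed placeholders, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

MACHINE_KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")
FORMS_ATTRS = ("name", "domain", "protection", "path")
LEGACY_SWITCHES = {"aspnet:UseLegacyFormsAuthenticationTicketCompatibility",
                   "aspnet:UseLegacyEncryption",
                   "aspnet:UseLegacyMachineKeyEncryption"}

# Constructed sample configs; the key values are placeholders, not real keys.
OLD_CONFIG = """<configuration><system.web>
  <machineKey validationKey="CONSTRUCTED_VKEY" decryptionKey="CONSTRUCTED_DKEY"
              validation="SHA1" decryption="AES" />
  <authentication mode="Forms">
    <forms name=".SSOAUTH" domain="example.test" protection="All" path="/" />
  </authentication>
</system.web></configuration>"""
NEW_CONFIG = OLD_CONFIG.replace("<system.web>", """<appSettings>
  <add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
  <add key="aspnet:UseLegacyEncryption" value="false" />
</appSettings><system.web>""")

def sso_settings(web_config_xml):
    """Return (shared attributes, machineKey compatibilityMode, enabled legacy switches)."""
    root = ET.fromstring(web_config_xml)
    settings = {}
    for tag, attrs in (("machineKey", MACHINE_KEY_ATTRS), ("forms", FORMS_ATTRS)):
        node = root.find(f".//{tag}")
        for attr in attrs:
            settings[f"{tag}/@{attr}"] = None if node is None else node.get(attr)
    mk = root.find(".//machineKey")
    mode = None if mk is None else mk.get("compatibilityMode")
    # A switch counts as enabled only when its value is "true".
    legacy = sorted(a.get("key") for a in root.findall(".//appSettings/add")
                    if a.get("key") in LEGACY_SWITCHES
                    and (a.get("value") or "").strip().lower() == "true")
    return settings, mode, legacy

def compare(old_xml, new_xml):
    """Return (attributes that differ, legacy switches on in the new app, its compatibilityMode)."""
    old, _, _ = sso_settings(old_xml)
    new, mode, legacy = sso_settings(new_xml)
    mismatches = [name for name in old if old[name] != new[name]]
    return mismatches, legacy, mode

if __name__ == "__main__":
    mismatches, legacy, mode = compare(OLD_CONFIG, NEW_CONFIG)
    print("Mismatched attributes:", mismatches or "none")
    print("Legacy switches enabled in 4.0 app:", legacy or "none")
    print("machineKey compatibilityMode in 4.0 app:", mode or "(not set)")
```

An empty mismatch list together with a failing ticket matches the situation in the question, where the shared attributes were already identical and the fix was a compatibility switch in the 4.0 application.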