1

I have a .NET 4.0 application with a 2.0 application as a child. The web applications are not in a multi-server environment; only one server is involved in serving these requests. Both applications are using custom authentication and both applications have the same machineKey attributes and values. When I visit the 2.0 application the event log is showing the following message:

Event code: 4005 
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. 
Event time: 12/2/2011 11:36:49 AM 
Event time (UTC): 12/2/2011 5:36:49 PM 
Event ID: 2068ad6957964f75885301fc2b58ddfe 
Event sequence: 2 
Event occurrence: 1 
Event detail code: 50201

I tried setting the ticketCompatibilityMode attribute to Framework20 on the forms element in the Web.config, but that didn't solve the issue. Because of this error, the user isn't being authorized, and as a result the usual objects (HttpContext) isn't being populated with the user information.

Does anyone know how to fix this error so authentication will work for the 2.0 application? (As an aside, I do plan on getting the 2.0 application upgraded to 4.0, but it isn't in the cards to complete at this time)

leppie
  • 115,091
  • 17
  • 196
  • 297
Justin Helgerson
  • 24,900
  • 17
  • 97
  • 124

5 Answers5

5

In case someone comes across this same issue, I was able to fix this error by adding some entries to the <appSettings> section of my .NET 2.0 application's Web.config. The added entries were:

<add key="aspnet:UseLegacyEncryption" value="true" />
<add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />

Edit (2012-05-04): After installing Security Bulletin MS11-100 on the server, the authentication once again broke on the 2.0 application. Adding the following to the Web.config of the 4.0 application fixed the issue:

<add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
Justin Helgerson
  • 24,900
  • 17
  • 97
  • 124
  • This one worked for me where the .NET 2.0 app is the home login page. – Dan Randolph Nov 19 '13 at 23:21
  • This saved my day. Actually had the two first keys on a .net 4 server which has to communicate with an old 2.0 server that we had to keep alive. After installing 4.5 on the newer server today, all hell broke lose. That last key, fixed the issue. – Kaspar Kjeldsen Sep 07 '16 at 09:05
2

You must have the same framework on the 2 applications.

httpRuntime targetFramework="4.5"

pydufour
  • 51
  • 2
1

With the intention of aport info to the previous post, it works for me adding this keys into the APP (both 4.0) web.config:

    <add key="aspnet:UseLegacyEncryption" value="true" />
    <add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
anguila
  • 148
  • 1
  • 11
1

There is also one more cause of this problem. Even on the same machine, same IIS and same .NET framework if one of your applications has

<httpRuntime requestValidationMode="2.0" />

then sharing authentication cookie will not work.

Removing requestValidationMode solves the problem. But sometimes you cannot do it and it needs to stay there. I'm yet to discover what to do in such situation

Episodex
  • 4,479
  • 3
  • 41
  • 58
0

I had the same issue. In my case i had two different applications in the same server and the name attribute was the same for both.

The solution is to use a unique name for each application. See mode details here https://msdn.microsoft.com/en-us/library/1d3t3c61(v=vs.85).aspx

It is the cookie name and if you use the same name the cookie is overridden.

Pablishe
  • 71
  • 1
  • 5