IIS6 & IIS7 forms auth compatibility


In .NET 4.0 the way authentication tickets are encrypted has changed. If you want to be compatible with older versions, you could set the ticketCompatibilityMode attribute like this:

<forms 
    loginUrl="/Login.aspx" 
    timeout="2880" 
    ticketCompatibilityMode="Framework20"
    domain="domain.com"
/>
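As an added example (not part of the original answer or of either application's real configuration), here are the forms and machineKey settings the two sites would need to agree on, assuming A2 stays on .NET 2.0/3.5 and issues the cookie while A1 moves to .NET 4.0 and consumes it. The key values are placeholders, not real keys; the hostnames and paths are the ones from the question.

```xml
<!-- A2 (a2.domain.com): .NET 2.0/3.5 site that issues the forms ticket -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             domain="domain.com"
             path="/"
             protection="All"
             timeout="60"
             loginUrl="login.aspx" />
    </authentication>
    <!-- Placeholder keys: generate real values with a CSPRNG and paste the
         identical literals into both web.config files. SHA1 validation and
         AES decryption are understood by .NET 2.0 through 4.x alike. -->
    <machineKey validationKey="PLACEHOLDER_SHARED_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_SHARED_DECRYPTION_KEY"
                validation="SHA1"
                decryption="AES" />
  </system.web>
</configuration>

<!-- A1 (a1.domain.com): upgraded to .NET 4.0, reads the cookie set by A2 -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name, domain, path, protection and timeout must match A2 exactly,
           otherwise the cookie is either never sent to A1 or fails the MAC.
           ticketCompatibilityMode="Framework20" keeps the .NET 2.0 ticket
           format (expiry stored as local time); Framework40 uses the 4.0
           format with UTC expiry, which a 2.0/3.5 site cannot read. -->
      <forms name=".ASPXAUTH"
             domain="domain.com"
             path="/"
             protection="All"
             timeout="60"
             loginUrl="http://a2.domain.com/login.aspx"
             ticketCompatibilityMode="Framework20" />
    </authentication>
    <!-- Same placeholder keys as A2: validation and decryption must be
         identical on both sides, since protection="All" both encrypts and
         MACs the ticket. -->
    <machineKey validationKey="PLACEHOLDER_SHARED_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_SHARED_DECRYPTION_KEY"
                validation="SHA1"
                decryption="AES" />
    <!-- Caveat for a later move to 4.5: setting
         <httpRuntime targetFramework="4.5" /> switches the machineKey
         compatibilityMode default to Framework45, whose ciphertexts a
         .NET 2.0/3.5 site cannot decrypt. Leave it unset while A2 still
         has to read A1's tickets, or keep both sites on the same mode. -->
  </system.web>
</configuration>
```

Because protection="All" means the ticket is both encrypted and integrity-checked, any mismatch in keys, algorithms or ticket format shows up as the same "The ticket supplied was invalid" event, so after changing either file re-test the round trip (log in on A2, then request a protected page on A1) and confirm the warning no longer appears in the A1 Application log.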
Author: Chris

Updated on June 04, 2022

Comments

  • Chris (almost 2 years ago):

    Background:

    I have two web applications, set up on different web servers, which are currently both IIS6. Application 1 (A1 - a1.domain.com) uses the forms auth cookie set by application 2 (A2 - a2.domain.com).

    In A1 web.config I have:

    <authentication mode="Forms">
    <forms name=".ASPXAUTH" domain="domain.com"  protection="All" path="/" loginUrl="http://a2.domain.com/login.aspx" timeout="60" />
    </authentication>
    

    In A2 web.config I have:

    <authentication mode="Forms">
    <forms name=".ASPXAUTH" domain="domain.com"  protection="All" path="/" loginUrl="login.aspx" timeout="60" />
    </authentication>
    

    These two applications also share machineKey values in web.config

    This works perfectly without any problems.

    Problem:

    I am upgrading A1 to use .NET 4.0 and run in IIS7, and now the shared forms authentication does not work. I am still redirected to the correct login page on A2 and I can see that it sets the auth cookie, but when I go back to A1 the authentication fails with the following error (from Event Viewer):

    Forms authentication failed for the request. Reason: The ticket supplied was invalid.

    I have tried:

    • Setting up upgraded version of A1 in IIS6 (this worked - so no compatibility issues between forms auth in different .NET versions in IIS6)

    • Setting up upgraded A1 in IIS7 using a local login page i.e. copied login page from A2 into A1 and set A1 loginUrl="login.aspx" (also works)

    This has left me guessing that there is some compatibility issue caused by the auth cookie being created under an IIS6 site being used to authenticate users under an IIS7 site.

    Does anyone know how to solve this?