Friday, March 12, 2010

Sharing an Encrypted Authentication Ticket Between ASP.NET 1.1 and ASP.NET 2.0 (or higher)

Thank you to Dan Sellers's WebLog for this little tidbit regarding sharing an encrypted authentication ticket between a .NET 1.1 application and a .NET 2.0 (or higher) application. I am posting it here more for my benefit as it seems I've been doing this a lot lately. You can read up on the details on his site, but the important bit is that the first machineKey section goes in the .NET 1.1 app and the second one goes in the .NET 2.0 or higher app. Poof. Magic. Like anything else, really simple if you know how to do it. Hope this helps.


Snippet of the machine config for an ASP.NET 1.1 Application:

    <machineKey
        validationKey='5C9D7A8F3E336275166075E596F19EB9B478F771C7FE45B65BF6E9B41BA9575F04672CCC4242B2245200CD0E63A8991CA6BFB2D77FE9C5B0D69889359574C5F3'
        decryptionKey='AF96F355CEC57EFD2F996515BF465DD399FAF7B806B2CD55'
        validation='SHA1'/>

Snippet of Web Config for an ASP.NET 2.0 Application with decryption attribute specified:

    <system.web>
        <machineKey
            validationKey='5C9D7A8F3E336275166075E596F19EB9B478F771C7FE45B65BF6E9B41BA9575F04672CCC4242B2245200CD0E63A8991CA6BFB2D77FE9C5B0D69889359574C5F3'
            decryptionKey='AF96F355CEC57EFD2F996515BF465DD399FAF7B806B2CD55'
            validation='SHA1' decryption='3DES' />
    </system.web>
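
An added example (not from the original post or from Dan Sellers's site) that checks the two conditions the snippets above rely on: identical key material in both configs, and decryption='3DES' set on the 2.0+ side. The sample configs and key values are constructed placeholders, the function names are hypothetical, and the optional published_keys set is an assumption for flagging key values copied from public pages.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs; the key values are placeholders, not real keys.
VKEY = "AB" * 64          # 64-byte validationKey as 128 hex characters
DKEY = "CD" * 24          # 24-byte decryptionKey as 48 hex characters (3DES)

LEGACY_CONFIG = f"""<configuration><system.web>
  <machineKey validationKey='{VKEY}' decryptionKey='{DKEY}' validation='SHA1'/>
</system.web></configuration>"""

NEWER_CONFIG_OK = f"""<configuration><system.web>
  <machineKey validationKey='{VKEY}' decryptionKey='{DKEY}'
              validation='SHA1' decryption='3DES'/>
</system.web></configuration>"""

# Same keys, but the decryption attribute was forgotten on the 2.0+ side.
NEWER_CONFIG_BAD = NEWER_CONFIG_OK.replace(" decryption='3DES'", "")


def machine_key(config_xml):
    """Return the machineKey attributes of a config document as a dict."""
    node = ET.fromstring(config_xml).find(".//machineKey")
    return dict(node.attrib) if node is not None else {}


def check_shared_ticket(legacy_xml, newer_xml, published_keys=()):
    """List reasons the two apps could not, or should not, share a ticket.

    published_keys: upper-case hex strings known to appear on public pages.
    """
    old, new = machine_key(legacy_xml), machine_key(newer_xml)
    problems = []
    for attr in ("validationKey", "decryptionKey", "validation"):
        if old.get(attr, "").upper() != new.get(attr, "").upper():
            problems.append(f"{attr} differs between the two applications")
    if new.get("decryption", "").upper() != "3DES":
        problems.append("2.0+ app does not set decryption='3DES'")
    for name, cfg in (("1.1", old), ("2.0+", new)):
        for attr in ("validationKey", "decryptionKey"):
            value = cfg.get(attr, "")
            if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
                problems.append(f"{name} {attr} is not an explicit hex key")
            elif value.upper() in published_keys:
                problems.append(f"{name} {attr} is a publicly posted value")
    return problems
```

An empty list means the two configs agree; a machineKey value that has appeared on a public page should be replaced with freshly generated random keys, since the ticket is only as trustworthy as the secrecy of those keys.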

4 comments:

  1. Hi, I've been struggling to authorize users on my .NET 2.0 application. Basically I have both .NET 1.1 and 2.0 running in 32-bit classic mode over HTTPS. I log into .NET 1.1, then try to visit a .NET 2.0 secure page, and I am redirected to the login page. Can you please help? I've tried your solution above but I still get to the login page. However, if I generate a new key in the .NET 2.0 application by calling FormsAuthentication.RedirectFromLoginPage, I do get to log in, but when I return to the .NET 1.1 application I am logged out. Any idea?

    Thanks
    Khan

  2. Are both applications under the same domain? If so, make sure that the forms authentication part of both web configs looks the same and has the same name, path, etc. If the forms authentication ticket name is different, it won't work. Other than that, the part that makes this all work is the machine key and encryption algorithm. If that information is the same in both web configs, then both applications should be able to decrypt the forms authentication ticket.

  3. Yes, they are on the same domain. Here are the authentication parts and machine config.

    ASP.NET 1.1 config







    and this ASP.NET 2.0 Config






    The above just doesn't work. However, if I issue a new ticket from the login page by calling FormsAuthentication.RedirectFromLoginPage, it does log me in, but with a new authentication ticket which expires as soon as I visit my .NET 1.1 page and do a postback by any means.

    Both applications are using 32-bit classic mode pools but have their own individual pools in IIS 7.0. Any idea?

    Thanks for your help so far, much appreciated.

    Khan

  4. Yes, they both are running on the same server/domain. They are running on their own individual pools, 32-bit/classic mode, in IIS7. Is there any SP
