I have two sets of web applications, one set running under Asp.Net 3.5 and one set running Asp.Net 4.0. Both are hosted in IIS 6. I need to use a shared forms authentication (via the 3.5 app) to authenticate and authorize both the 3.5 and 4.0 applications. However I’m unable to get this done. So far I have
- Made sure the
<machineKey>configuration section is identical on all applications. - Set my providers up identically: pointing to the same database.
- I’ve even tried using aspnet:UseLegacyEncryption per this post.
So far nothing I have tried has worked. EXCEPT when I switch the “3.5” application to run under ver. 4.0. Then both sites are able to share the auth token just fine. Unfortunately for me this is not an option in production.
Obviously there is something different between 3.5 and 4.0 but I can’t figure out what it is. What am I missing? Has anyone else come across this? What did you do to resolve it?
I’d suggest checking for updates to .NET framework (3.5 & 4) on the machine you’re working on – I’m stuck with the same issue myself and this is what I am currently trying to resolve it.
I’ve read that certain updates made changes to the way auth tokens are created. Looks like my local version 4 was updated, but 3.5 was not – so as far as 3.5 is concerned the tokens generated by .net4 are not acceptable.
Fingers crossed!