.NET Single Sign On no longer works after moving website to another server

Question

I have two websites hosted on the same server (IIS6 on Windows Server 2003 R2). URL for the first website is www.domainname.com URL for the second website is my.domainname.com/website2 where "website2" is a virtual directory under "my" website on the same server. I have configured Single Sign On using forms authentication on both sites and it was working very well. After I moved the first website to another server (IIS7 - Windows Server 2008 R2) SSO stopped working (both ways).

"machineKey" and "forms" values are identical on both sites (see below).
I can see that the ticket is passed from the server logs.
I get the "Forms authentication failed for the request. Reason: The ticket supplied was invalid." error on the Event Viewer.
both sites use .net 4

------- Configuration start

<machineKey validationKey="key1" decryptionKey="key2" decryption="3DES" validation="SHA1" />

<authentication mode="Forms">
    <forms requireSSL="true" name="domainnameAuth" domain=".domainname.com" loginUrl="login.aspx" timeout="20" protection="All" path="/" />
</authentication>

What am I missing here? Any help on how to debug this situation is greatly appreciated.

I think you may need that `path="/"` element too, although that should be the default. — H H, Feb 14 '12 at 18:36
Thanks Henk - I tried that before with no luck. (I edited the code above to include path) — genti, Feb 14 '12 at 19:13
On the first read I missed those `www` and `my` subdomains. According to [this answer](http://stackoverflow.com/a/108569/60761) you need `domain=".domainname.com"` — H H, Feb 14 '12 at 19:39
I changed the domain to ".domainname.com" but it didn't help. Thanks! — genti, Feb 14 '12 at 19:52
I only recycled the application pools. Do I need a full restart for this? — genti, Feb 14 '12 at 20:05
No, a recycle should be enough. Otoh you don't want to take the risk it isn't. — H H, Feb 14 '12 at 21:19
Well, I'm out of ideas about cookies. Do check the membership provider settings, it has an AppName setting too somewhere. — H H, Feb 15 '12 at 19:46

score 1 · Answer 1 · answered Feb 17 '12 at 13:47

1

The issue disappeared after installing update http://support.microsoft.com/kb/2656351

I beleive there was an issue with FormsAuthentication.Decrypt/Encrypt and that was fixed after this update.

Thank you for your help Henk!

answered Feb 17 '12 at 13:47

genti

11
2

I had the same issue. But after reading this post and running the security updates for .net 4, everything worked fine. Thanks! – Kai-Rune Aug 23 '12 at 09:41

.NET Single Sign On no longer works after moving website to another server

1 Answers1