How to share Forms Authentication between a 1.x Site and a 2.0 Site in the Same Domain
How to share Forms Authentication between a 1.x Site and a 2.0 Site in the Same Domain
There are several blogs that have discussed how to share an auth cookie between sites in a farm and how to do a true single-signon for a domain. Mark Brooks pointed me to these that help a lot:
- http://www.codeproject.com/aspnet/aspnetsinglesignon.asp
- http://fredrik.nsquared2.com/viewpost.aspx?PostID=251&showfeedback=true
Now the trick is to do it between a 1.x and a 2.0 site in the same environment (but in different IIS Applications). The trick is to create a <machineKey /> entry in both web.configs. Pete Bromberg has a nifty little web page that will help you generate one to use for both:
The only thing left to do (and this is the magic really) is change the <machineKey /> on the 2.0 site to add a decryption attribute. This is a new attribute that is only supported on 2.0. You need to specify the decryption attribute because the decryption method changed between 1.x and 2.0. So for your 1.x site, the <machineKey /> would look like so (not my real machine key):
<machineKey validationKey='301B0898AB6288CA285641FC1DAB5653B8EC18E212A05FC20AA775383EEBF84428FD68BBD09E4FAE8E921A30E69F443D320541EEF272B322FA819035333E712C' decryptionKey='096C74A8F465A5CFD629CAB61D9DD77651957F100406124F' validation='SHA1'/>
But for the 2.0 site you just need to add the decryption attribute and specify 3DES (which was the 1.x default):
<machineKey validationKey='301B0898AB6288CA285641FC1DAB5653B8EC18E212A05FC20AA775383EEBF84428FD68BBD09E4FAE8E921A30E69F443D320541EEF272B322FA819035333E712C' decryptionKey='096C74A8F465A5CFD629CAB61D9DD77651957F100406124F' validation='SHA1' decryption='3DES'/>
