How to share Forms Authentication between a 1.x Site and a 2.0 Site in the Same Domain


There are several blogs that have discussed how to share an auth cookie between sites in a farm and how to do true single sign-on for a domain. Mark Brooks pointed me to these that help a lot:

Now the trick is to do it between a 1.x and a 2.0 site in the same environment (but in different IIS Applications). The first step is to create an identical <machineKey /> entry in both web.configs. Pete Bromberg has a nifty little web page that will help you generate one to use for both:

The only thing left to do (and this is the magic really) is change the <machineKey /> on the 2.0 site to add a decryption attribute. This is a new attribute that is only supported on 2.0. You need to specify the decryption attribute because the decryption method changed between 1.x and 2.0. So for your 1.x site, the <machineKey /> would look like so (not my real machine key):

<machineKey validationKey='301B0898AB6288CA285641FC1DAB5653B8EC18E212A05FC20AA775383EEBF84428FD68BBD09E4FAE8E921A30E69F443D320541EEF272B322FA819035333E712C'   
            decryptionKey='096C74A8F465A5CFD629CAB61D9DD77651957F100406124F'
            validation='SHA1'/>

But for the 2.0 site you just need to add the decryption attribute and specify 3DES (which was the 1.x default):

<machineKey validationKey='301B0898AB6288CA285641FC1DAB5653B8EC18E212A05FC20AA775383EEBF84428FD68BBD09E4FAE8E921A30E69F443D320541EEF272B322FA819035333E712C'   
            decryptionKey='096C74A8F465A5CFD629CAB61D9DD77651957F100406124F'
            validation='SHA1' decryption='3DES'/>
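
To verify the two web.configs before deploying, here is a small consistency check (an added example, not code from the original post). The function names and the placeholder key values are assumptions made for the example; the defaults it falls back to (AutoGenerate keys, SHA1 validation, Auto decryption) are the ASP.NET defaults when an attribute is omitted.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder keys (not real): 64-byte validation key, 24-byte 3DES-sized key.
VALIDATION_KEY = "AB" * 64
DECRYPTION_KEY = "CD" * 24

# Constructed sample configs shaped like the two <machineKey /> entries above.
SITE_1X = f"""<configuration><system.web>
  <machineKey validationKey='{VALIDATION_KEY}' decryptionKey='{DECRYPTION_KEY}'
              validation='SHA1'/>
</system.web></configuration>"""
SITE_20 = f"""<configuration><system.web>
  <machineKey validationKey='{VALIDATION_KEY}' decryptionKey='{DECRYPTION_KEY}'
              validation='SHA1' decryption='3DES'/>
</system.web></configuration>"""


def machine_key(config_xml):
    """Return the <machineKey> attributes from a web.config string, or {} if absent."""
    for el in ET.fromstring(config_xml).iter():
        if el.tag.split("}")[-1] == "machineKey":  # tolerate an xmlns on <configuration>
            return dict(el.attrib)
    return {}


def check_shared_machine_key(config_1x, config_20):
    """List reasons the 1.x and 2.0 sites could not read each other's auth cookie."""
    old, new = machine_key(config_1x), machine_key(config_20)
    if not old or not new:
        return ["machineKey element missing from one of the configs"]
    problems = []
    for attr in ("validationKey", "decryptionKey"):
        for site, cfg in (("1.x", old), ("2.0", new)):
            # An omitted or AutoGenerate key is per-application, so it cannot be shared.
            if cfg.get(attr, "AutoGenerate").startswith("AutoGenerate"):
                problems.append(f"{site} site: {attr} is auto-generated, not explicit")
        if old.get(attr, "").upper() != new.get(attr, "").upper():
            problems.append(f"{attr} differs between the two sites")
    if old.get("validation", "SHA1") != new.get("validation", "SHA1"):
        problems.append("validation algorithm differs between the two sites")
    if "decryption" in old:
        problems.append("1.x site: decryption attribute is only supported on 2.0")
    if new.get("decryption", "Auto") != "3DES":
        problems.append("2.0 site: decryption must be '3DES' to match 1.x")
    return problems
```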


Shawn
Shawn Wildermuth