How to share Forms Authentication between a 1.x Site and a 2.0 Site in the Same Domain

October 12, 2005
No Comments.

There are several blogs that have discussed how to share an auth cookie between sites in a farm and how to do a true single-signon for a domain. Mark Brooks pointed me to these that help a lot:

Now the trick is to do it between a 1.x and a 2.0 site in the same environment (but in different IIS Applications).  The trick is to create a <machineKey /> entry in both web.configs.  Pete Bromberg has a nifty little web page that will help you generate one to use for both:

The only thing left to do (and this is the magic really) is change the <machineKey /> on the 2.0 site to add a decryption attribute.  This is a new attribute that is only supported on 2.0.  You need to specify the decryption attribute because the decryption method changed between 1.x and 2.0.  So for your 1.x site, the <machineKey /> would look like so  (not my real machine key):

<machineKey validationKey='301B0898AB6288CA285641FC1DAB5653B8EC18E212A05FC20AA775383EEBF84428FD68BBD09E4FAE8E921A30E69F443D320541EEF272B322FA819035333E712C'               decryptionKey='096C74A8F465A5CFD629CAB61D9DD77651957F100406124F'            validation='SHA1'/>

But for the 2.0 site you just need to add the decryption attribute and specify 3DES (which was the 1.x default):

<machineKey validationKey='301B0898AB6288CA285641FC1DAB5653B8EC18E212A05FC20AA775383EEBF84428FD68BBD09E4FAE8E921A30E69F443D320541EEF272B322FA819035333E712C'               decryptionKey='096C74A8F465A5CFD629CAB61D9DD77651957F100406124F'            validation='SHA1' decryption='3DES'/>