I am trying to set up forms authentication across multiple servers and subdomains, but I am finding an issue where it works on some of our boxes and not others. We are passing 2 cookies from one server to another: one is the Forms Authentication encrypted cookie and the other is a non-encrypted cookie.
We have the correct keys set on both boxes:
<authentication mode="Forms">
  <forms name=".MSLA" protection="All" timeout="30" slidingExpiration="true" path="/"
         enableCrossAppRedirects="true" />
</authentication>
<machineKey
  decryption="AES"
  decryptionKey="CAB....."
  validation="AES"
  validationKey="A2........."
/>
We are setting the correct cookie domain, e.g. .bbbb.com, as one site will be http://login.bbbb.com and the other http://app.bbbb.com.
We are using ASP.NET and .NET 4.0.
On the boxes that do work, I am finding that IsAuthenticated is true and the Forms Authentication username is decrypted. However, on the other sets of boxes that do not work, I am finding that the non-forms-authentication cookie is passed correctly and read, but the forms authentication cookie is passed (I can see this with Firebug) and the second site is unable to decrypt it, so IsAuthenticated is False.
We are using Windows Server 2008 and updates were applied a month ago.
I have seen this similar article to my problem and I have tried this but this doesn't work for me.
Similar Article with same issue but doesn't work
Has anyone come across this issue before? I am thinking that it must be more of a server setup issue than a code issue, as I am able to get it working on some servers and not others. Is there a feature that might need to be added to these servers?
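
A check for the "correct keys set on both boxes" assumption, as an added example that is not part of the original post: it compares the `machineKey` and `forms` attributes of two web.config files and reports which ones differ, hashing key material so it is never printed. The function names, the `domain` attribute on `<forms>` and the sample key values are assumptions made for the illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Settings every server must agree on for a shared forms ticket to decrypt.
CHECKED = {
    "machineKey": ("decryption", "decryptionKey", "validation", "validationKey"),
    "forms": ("name", "protection", "path", "domain", "enableCrossAppRedirects"),
}
SECRET = {"decryptionKey", "validationKey"}


def fingerprint(config_xml):
    """Map (element, attribute) -> value; key material is replaced by a digest."""
    root = ET.fromstring(config_xml)
    # Match on local names so a default xmlns on <configuration> is tolerated.
    nodes = {el.tag.split("}")[-1]: el for el in reversed(list(root.iter()))}
    result = {}
    for tag, attrs in CHECKED.items():
        node = nodes.get(tag)
        for attr in attrs:
            value = None if node is None else node.get(attr)  # None = inherited/default
            if value is not None and attr in SECRET:
                # Keys are hex, so normalise case; hash so they never reach a log.
                digest = hashlib.sha256(value.strip().upper().encode()).hexdigest()
                value = "sha256:" + digest[:16]
            result[(tag, attr)] = value
    return result


def drift(config_a, config_b):
    """Return the (element, attribute) pairs whose effective values differ."""
    a, b = fingerprint(config_a), fingerprint(config_b)
    return sorted(key for key in a if a[key] != b[key])


# Constructed sample configs; the key values are placeholders, not real keys.
TEMPLATE = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".MSLA" protection="All" timeout="30" path="/"
           domain=".bbbb.com" enableCrossAppRedirects="true" />
  </authentication>
  <machineKey decryption="AES" decryptionKey="{dk}"
              validation="AES" validationKey="{vk}" />
</system.web></configuration>"""
LOGIN_BOX = TEMPLATE.format(dk="AAAA1111", vk="BBBB2222")
APP_BOX = TEMPLATE.format(dk="aaaa1111", vk="BBBB2223")

if __name__ == "__main__":
    for element, attribute in drift(LOGIN_BOX, APP_BOX):
        print("differs:", element, attribute)
```

An attribute reported with the value `None` is absent from that file, which means the server takes it from a parent configuration file or the framework default.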