I have a .NET 4.0 application with a 2.0 application as a child. The web applications are not in a multi-server environment; only one server is involved in serving these requests. Both applications are using custom authentication and both applications have the same machineKey attributes and values. When I visit the 2.0 application the event log is showing the following message:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 12/2/2011 11:36:49 AM
Event time (UTC): 12/2/2011 5:36:49 PM
Event ID: 2068ad6957964f75885301fc2b58ddfe
Event sequence: 2
Event occurrence: 1
Event detail code: 50201
I tried setting the ticketCompatibilityMode attribute to Framework20 on the forms element in the Web.config, but that didn't solve the issue. Because of this error, the user isn't being authorized, and as a result the usual objects (HttpContext) isn't being populated with the user information.
Does anyone know how to fix this error so authentication will work for the 2.0 application? (As an aside, I do plan on getting the 2.0 application upgraded to 4.0, but it isn't in the cards to complete at this time)
In case someone comes across this same issue, I was able to fix this error by adding some entries to the <appSettings> section of my .NET 2.0 application's Web.config. The added entries were:
<add key="aspnet:UseLegacyEncryption" value="true" />
<add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />
Edit (2012-05-04): After installing Security Bulletin MS11-100 on the server, the authentication once again broke on the 2.0 application. Adding the following to the Web.config of the 4.0 application fixed the issue:
<add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
You must have the same framework on the 2 applications.
httpRuntime targetFramework="4.5"
With the intention of aport info to the previous post, it works for me adding this keys into the APP (both 4.0) web.config:
<add key="aspnet:UseLegacyEncryption" value="true" />
<add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
There is also one more cause of this problem. Even on the same machine, same IIS and same .NET framework if one of your applications has
<httpRuntime requestValidationMode="2.0" />
then sharing authentication cookie will not work.
Removing requestValidationMode solves the problem. But sometimes you cannot do it and it needs to stay there. I'm yet to discover what to do in such situation
I had the same issue. In my case i had two different applications in the same server and the name attribute was the same for both.
The solution is to use a unique name for each application. See mode details here https://msdn.microsoft.com/en-us/library/1d3t3c61(v=vs.85).aspx
It is the cookie name and if you use the same name the cookie is overridden.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 混吃等死 的文章《.NET 2.0 Web App Authentication Failing: “The tick》','https://www.manongdao.com/article-479086.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}