Question

I am trying to implement an SSO between a main IIS 7 site (local.mysite.com) and a VirtualDirectory beneath it (local.mysite.com/vdir).

I've set up both web.configs to use the same MachineKey settings and Authentication section:

<authentication mode="Forms">
  <forms name="myCookie" loginUrl="login.aspx" protection="All" path="/" enableCrossAppRedirects="true" domain=".mysite.com"/>
</authentication>
<machineKey validationKey="123" decryptionKey="456" validation="SHA1" decryption="AES"/>

I currently have the login working in the main site. I'm creating my own auth cookie using code similar to:

// version, user name, issue time, expiry, isPersistent, userData (state serialised as a string)
var ticket = new FormsAuthenticationTicket(1, state.Email, DateTime.Now, expiresDate, true, state.ToString());
// Encrypt + MAC the ticket with the machineKey from web.config
string encryptedTicket = FormsAuthentication.Encrypt(ticket);

// Cookie is built by hand, so HttpOnly/Secure are not set the way FormsAuthentication.GetAuthCookie would set them
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Domain = FormsAuthentication.CookieDomain };
response.Cookies.Add(cookie);

However, whenever I hit the Virtual Directory after logging in, the user is not authenticated. Using FireBug I can see that the cookie is sent in the request, but I cannot access it in the code-behind. However, if I remove the entry from the VirtualDirectory's web.config I can see the "myCookie" cookie in the Request's cookie collection.

I can't figure out why this would be; can anyone shed some light on it? I'm not too familiar with working with VirtualDirectories in IIS, so it could be something I am missing.


Solution

The issue was down to a web.config setting. I added a handler for the FormsAuthenticationModule OnAuthenticate event, and the error I got was "Error occurred during a cryptographic operation".

This was due to the VirtualDirectory having <httpRuntime targetFramework="4.5">, but this wasn't set in the parent application. Setting it there solved the issue.

OTHER TIPS

The best way to handle this is to make machineKey decryption fall back to Framework20SP2.

From this article: http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx

Just add that attribute to the machineKey in your .NET 4.5 application:

<machineKey validationKey="" decryptionKey="" validation="SHA1" compatibilityMode="Framework20SP2" />

You won't need to remove targetFramework="4.5" from httpRuntime now.
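The two answers above describe the same mismatch from opposite ends: the child application declares targetFramework="4.5" (which switches the forms ticket to the 4.5 cryptographic format) while the parent does not, so the child cannot decrypt a ticket the parent issued. The following web.config pair is an added example, not configuration from the original question or either answer: it shows the parent and the child aligned on the accepted fix (targetFramework on both), with the second answer's compatibilityMode="Framework20SP2" as the alternative. The key values, the application paths and the comments are placeholders I constructed; ASP.NET rejects keys that are not hex strings of the documented lengths, so the "123"/"456" values from the question must not be used as-is.

```xml
<!-- Parent application: local.mysite.com  (web.config) -->
<configuration>
  <system.web>
    <!-- The accepted fix: without this line the parent issues the pre-4.5 ticket
         format while the child (which declares 4.5) expects the 4.5 format, and the
         child fails with "Error occurred during a cryptographic operation". -->
    <httpRuntime targetFramework="4.5" />

    <authentication mode="Forms">
      <forms name="myCookie" loginUrl="login.aspx" protection="All" path="/"
             enableCrossAppRedirects="true" domain=".mysite.com" />
    </authentication>

    <!-- Must be identical in every application that reads the ticket.
         Placeholder values: generate random hex keys (IIS Manager's Machine Key
         feature can do this); for SHA1 + AES that is 128 hex chars for the
         validationKey and up to 64 hex chars for the decryptionKey. -->
    <machineKey validationKey="REPLACE_WITH_128_HEX_CHARS"
                decryptionKey="REPLACE_WITH_64_HEX_CHARS"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>

<!-- Child application: local.mysite.com/vdir  (web.config) -->
<configuration>
  <system.web>
    <!-- Same framework target as the parent, so both use the same ticket format -->
    <httpRuntime targetFramework="4.5" />

    <authentication mode="Forms">
      <!-- Same cookie name, path and domain as the parent, or the browser
           and the module will not treat it as the same cookie -->
      <forms name="myCookie" loginUrl="login.aspx" protection="All" path="/"
             enableCrossAppRedirects="true" domain=".mysite.com" />
    </authentication>

    <!-- Byte-for-byte the same keys as the parent -->
    <machineKey validationKey="REPLACE_WITH_128_HEX_CHARS"
                decryptionKey="REPLACE_WITH_64_HEX_CHARS"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>

<!-- Alternative from the second answer: keep the legacy ticket format instead of
     aligning targetFramework. This machineKey then goes in BOTH web.configs. -->
<machineKey validationKey="REPLACE_WITH_128_HEX_CHARS"
            decryptionKey="REPLACE_WITH_64_HEX_CHARS"
            validation="SHA1" decryption="AES"
            compatibilityMode="Framework20SP2" />
```

Two caveats a practitioner would want here. First, compatibilityMode="Framework20SP2" pins both applications to the older ticket format; the 4.5 mode is the newer cryptographic pipeline, so bringing both sides to targetFramework="4.5" (the accepted answer) is the preferable fix unless a third application that cannot be upgraded also has to read the cookie. Second, sharing a machineKey means either application can mint tickets the other trusts, so the keys must be generated randomly, kept out of source control, and treated as a credential for both sites at once.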

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow