After a code release, single sign on between two of our sites stopped working. Both sites are run on different subdomains of the same domain. Subdomain x was being used as the sign on server for all other applications. I can't quite wrap my head around why this would be the case. In web.config for both sites the machine and decryption keys are the same. Validation is set to SHA1 and decryption is set to AES. The authentication config reads:
X:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="288开发者_C百科0" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" />
</authentication>
Y:
<authentication mode="Forms">
<forms loginUrl="https://x.domain.com/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" defaultUrl="http://x.domain.com/" />
</authentication>
The SSO was working fine up until this morning. I'm not sure exactly what was changed with the code release and am having issues figuring it out. The two applications are currently running on different app pools (one is x is .net 4.0 while y is .net 2.0) and when I switched them to using the same app pool the SSO worked. However, this is not an option as one of the libraries used in the other site only runs on .NET 2.0. I also tried forcing the machine and decryption keys and validation and decryption algorithms in IIS7 manager at both the top and website levels with no success.
When trying to go to y.domain.com after going to x.domain.com the browser is redirected back to the login page and the following exception is in the event log:
Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Any ideas?
Do you suspect the config has changed as well? Because you really need this in the Forms section:
enableCrossAppRedirects="true"
EDIT: Also make sure that they are using the same encryption keys:
<system.web>
<machineKey validationKey="BLAHBLAHBLAHBLAH" decryptionKey="BLAHBLAHBLAH" validation="SHA1" decryption="AES"/>
</system.web>
It sounds like the redirection is working ok and it's throwing an error when trying to read the ticket.
This was solved by getting patches/hotfixes to Windows and/or .NET. Specifically:
- KB2518870
- KB2656351
- KB2572078
- KB2633870
I got this working adding the following to the 4.0 website, in web.config inside configuration tag:
<appSettings>
<add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
<add key="aspnet:UseLegacyEncryption" value="true" />
<add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />
</appSettings>
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论