how to make single sign on work with asp.net framework 4.0

开发者_开发知识库I have a parent web application and a child web application. I am using single sign on between them. The child application is supposed to redirect anonymous users to the login page of the parent application We just updated both to .net 4.0 framework and now the SSO doesn't work anymore.

The setup is as follows. I have the machineKey tag all set up with validation key and decryption key in both applications.

then, for authentication tag i have the following in the child app (I have replaced the actual parent app's url with "parentApp" for privacy):

<authentication mode="Forms">
            <forms name=".SSOAuth" loginUrl="parentApp/Login.aspx" path="/" protection="All"/>
        </authentication>
        <sessionState mode="InProc" cookieless="false" timeout="30"/>
        <authorization>
            <!--<deny users="?"/>
            <allow users="*"/>-->
        </authorization>

this used to work perfectly fine before we switched to .net 4.0. can anybody please shed some light on why this doesn't work anymore? It doesn't redirect, and neither does it authenticate on the child site even if i manually go to the parent app login page and log in.

Edit: we never set anything up in the machine.config. the machineKey tag is supposed to be setup in web.config file.

Are you sure both applications are running under .NET 4.0? You might want to run through this article and double check that they are:

http://msdn.microsoft.com/en-us/library/dd483478(v=VS.100).aspx

This article briefly describes the breaking change in .NET 4.0 that it sounds like you might be running into:

http://www.asp.net/whitepapers/aspnet4/breaking-changes (See: Default Hashing Algorithm Is Now HMACSHA256)

also

http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode(v=vs.100).aspx

You could try running with 2.0 compatible settings to see if that fixes the problem.