
ASP Website does not seem to use machineKey in Web.Config for FormsAuthentication.Decrypt

I want to pass the authentication cookie from my ASP.Net MVC 5 (.Net 4.5.1, hosted locally on iisexpress, run from Visual Studio) to my WCF Service (.Net 4.5.1, hosted locally on WcfSvcHost, run from same Visual Studio Solution) and decrypt it there. I have configured both to use the same machinekey (Web.config for ASP, App.config for WCF):

<machineKey validationKey="930681CA8CDC1BC09118D6B37E4A1B7712CEDBBD9FA1E35407EA1CD440C7E6F2DB9E93DADAC4098F90ACC7417DBE57C196722FC67F313A6AAE0F946E2FF731B6" decryptionKey="714C9581DA522C636B2D97D80276D5ACC02C274A11ABF117C76181B0480D4AEA" validation="SHA1" decryption="AES" />

Both reference the same System.Web.dll:

C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework\v4.5.1\System.Web.dll (v4.0.30319)

But when I try to pass the cookieString to my service and call

FormsAuthenticationTicket tick = FormsAuthentication.Decrypt(cookieString);

I get the following error:

Unable to validate data

I tried it the other way around (generate a fake ticket on WCF service and decrypt on ASP website), which did not work either. I can generate a ticket on the ASP website and decrypt it there just fine. I can also generate a ticket on the Service and decrypt it there without any problems.

var t1 = new FormsAuthenticationTicket("foo", false, 1337);
var cookie = FormsAuthentication.Encrypt(t1);
var t2 = FormsAuthentication.Decrypt(cookie);

I also made a small Console app, created a ticket there and decrypted it on the WCF service without any problems.

So it seems like the ASP Website does not use the specified keys to encrypt or decrypt the data.

Does anyone know what I can do to solve this problem?

EDIT: I followed this guide to obtain the cookie and pass it to my service. http://thoughtorientedarchitecture.blogspot.de/2009/10/flowing-aspnet-forms-authentication.html

However, as I said, I tried copying the value of the encrypted cookie and decrypting it in a simple console app with the same machinekey, and it did not work.

wertzui asked Dec 08 '22 10:12


1 Answer

You also asked this at http://forums.asp.net/p/1956219/5581762.aspx. See my answer there:

In the WCF service, set <machineKey ... compatibilityMode="Framework45" />. This will cause it to use the same algorithm as ASP.NET.

(Also remember to change your machine key if you inadvertently copied & pasted your real key into the question above.)

Levi answered Dec 11 '22 07:12
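Where the setting from the answer goes in the WCF host's App.config, as an added example that is not part of the original question or answer. The key values are placeholders, and it assumes the MVC site's Web.config contains `<httpRuntime targetFramework="4.5" />` (or later), which is what makes the site default to the Framework45 behaviour.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- App.config of the WCF service host (added example, placeholder keys). -->
<configuration>
  <system.web>

    <!-- Before: same keys as the website, but no compatibilityMode.
         The documented default is Framework20SP1, so tickets protected
         by the site fail here with "Unable to validate data".

    <machineKey validationKey="VALIDATION_KEY_PLACEHOLDER"
                decryptionKey="DECRYPTION_KEY_PLACEHOLDER"
                validation="SHA1"
                decryption="AES" />
    -->

    <!-- After: identical keys and algorithms, plus the compatibility mode
         from the answer so both processes protect tickets the same way. -->
    <machineKey validationKey="VALIDATION_KEY_PLACEHOLDER"
                decryptionKey="DECRYPTION_KEY_PLACEHOLDER"
                validation="SHA1"
                decryption="AES"
                compatibilityMode="Framework45" />

  </system.web>
</configuration>
```

Use freshly generated keys in place of the placeholders, identical in both config files, and keep them out of anything that gets published or committed.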