After a code release, single sign on between two of our sites stopped working. Both sites are run on different subdomains of the same domain. Subdomain x was being used as the sign on server for all other applications. I can't quite wrap my head around why this would be the case. In web.config for both sites the machine and decryption keys are the same. Validation is set to SHA1 and decryption is set to AES. The authentication config reads: X: <pre class="prettyprint"><code><authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" /> </authentication> </code></pre> Y: <pre class="prettyprint"><code><authentication mode="Forms"> <forms loginUrl="https://x.domain.com/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" defaultUrl="http://x.domain.com/" /> </authentication> </code></pre> The SSO was working fine up until this morning. I'm not sure exactly what was changed with the code release and am having issues figuring it out. The two applications are currently running on different app pools (one is x is .net 4.0 while y is .net 2.0) and when I switched them to using the same app pool the SSO worked. However, this is not an option as one of the libraries used in the other site only runs on .NET 2.0. I also tried forcing the machine and decryption keys and validation and decryption algorithms in IIS7 manager at both the top and website levels with no success. When trying to go to y.domain.com after going to x.domain.com the browser is redirected back to the login page and the following exception is in the event log: <blockquote> Forms authentication failed for the request. Reason: The ticket supplied was invalid. </blockquote> Any ideas?

Do you suspect the config has changed as well? Because you really need this in the Forms section: <pre class="prettyprint"><code>enableCrossAppRedirects="true" </code></pre> EDIT: Also make sure that they are using the same encryption keys: <pre class="prettyprint"><code><system.web> <machineKey validationKey="BLAHBLAHBLAHBLAH" decryptionKey="BLAHBLAHBLAH" validation="SHA1" decryption="AES"/> </system.web> </code></pre> It sounds like the redirection is working ok and it's throwing an error when trying to read the ticket.

asp.net single sign on not working

After a code release, single sign on between two of our sites stopped working. Both sites are run on different subdomains of the same domain. Subdomain x was being used as the sign on server for all other applications. I can't quite wrap my head around why this would be the case. In web.config for both sites the machine and decryption keys are the same. Validation is set to SHA1 and decryption is set to AES. The authentication config reads:

X:

<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" />
</authentication>

Y:

<authentication mode="Forms">
    <forms loginUrl="https://x.domain.com/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" defaultUrl="http://x.domain.com/" />
</authentication>

The SSO was working fine up until this morning. I'm not sure exactly what was changed with the code release and am having issues figuring it out. The two applications are currently running on different app pools (one is x is .net 4.0 while y is .net 2.0) and when I switched them to using the same app pool the SSO worked. However, this is not an option as one of the libraries used in the other site only runs on .NET 2.0. I also tried forcing the machine and decryption keys and validation and decryption algorithms in IIS7 manager at both the top and website levels with no success.

When trying to go to y.domain.com after going to x.domain.com the browser is redirected back to the login page and the following exception is in the event log:

Forms authentication failed for the request. Reason: The ticket supplied was invalid.

Any ideas?

Why is single sign on not working?

Let's do a quick check of the browser settings to ensure you can leverage SSO from browsers. Log into the client machine where the issue is happening. Under Advanced, check the state of Enable Integrated Windows Authentication. Ensure that the option is enabled or checked.

Do you suspect the config has changed as well? Because you really need this in the Forms section:

enableCrossAppRedirects="true"

EDIT: Also make sure that they are using the same encryption keys:

<system.web>
   <machineKey validationKey="BLAHBLAHBLAHBLAH" decryptionKey="BLAHBLAHBLAH" validation="SHA1" decryption="AES"/>
</system.web>

It sounds like the redirection is working ok and it's throwing an error when trying to read the ticket.

asp.net single sign on not working

Tags:

asp.net

iis-7

forms-authentication

single-sign-on

illvm

People also ask

1 Answers

Mantorok

Recent Activity

Donate For Us

asp.net single sign on not working

Tags:

asp.net

iis-7

forms-authentication

single-sign-on

illvm

People also ask

1 Answers

Mantorok

Related questions

Recent Activity

Donate For Us