locked
Any Forms Auth Changes in 4.5 RRS feed

  • Question

  • I have a MVC 3 vs10 app which I just converted to vs12, MVC4, and .net 4.5

    The forms authentication ticket will not decrypt in 4.5 if it the cookie/ticket was created on a .net 4 site.

    System.Web.Security.FormsAuthenticationTicket ft;
    ft = System.Web.Security.FormsAuthentication.Decrypt(ticket);

       Error occurred during a cryptographic operation.

    <machineKey validationKey="456....." decryptionKey="123....." validation="SHA1" decryption="AES" />

    The http request passes the cookie (same cookie domain) but .Net does not recognize the authentication cookie.

    In Firebug I can see the cookie and grab the ticket.  The .net 4 sites will decrypt it, the 4.5 sites give the exception.

    Also if I:

       cookies = HttpContext.Current.Request.Cookies;

    The cookie does NOT appear even though FireBug shows it is in the HttpRequest!!!!

    p.s.

    web.config has same keys, same name, same domain, same clock syncs (I've done this before).


    • Edited by chuck02323 Monday, August 20, 2012 4:48 PM
    • Moved by Min Zhu Wednesday, August 22, 2012 1:11 AM (From:Common Language Runtime)
    Monday, August 20, 2012 4:36 PM

Answers

  • the default changed in .net 4.5

    Add the compatiblity mode

      <machineKey validationKey="12..." decryptionKey="34..."
                    validation="SHA1" decryption="AES"
                    compatibilityMode="Framework20SP1" />

    • Marked as answer by chuck02323 Tuesday, August 28, 2012 1:16 PM
    Tuesday, August 28, 2012 1:16 PM

All replies

  • Hi Chuck,

    Welcome to the MSDN Forum.

    For asp.net issue, please visit here: http://forums.asp.net/ 

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, August 21, 2012 11:06 AM
  • I am having this exact same problem.  I get the exception right on this line:
    FormsAuthentication.Decrypt(myCookie.Value);

    I also tried setting the machineKey value for the entire website in IIS, but this didn't appear to help either.

    Friday, August 24, 2012 7:25 PM
  • the default changed in .net 4.5

    Add the compatiblity mode

      <machineKey validationKey="12..." decryptionKey="34..."
                    validation="SHA1" decryption="AES"
                    compatibilityMode="Framework20SP1" />

    • Marked as answer by chuck02323 Tuesday, August 28, 2012 1:16 PM
    Tuesday, August 28, 2012 1:16 PM
  • Thank you.

    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, August 28, 2012 1:28 PM