I have a parent web application and a child web application. I use one sign in between. It is assumed that the child application redirects anonymous users to the login page of the parent application. We just upgraded both to the .NET Framework and now SSO no longer works.
The setting is as follows. I have a machineKey tag, all configured with a verification key and a decryption key in both applications.
then for the authentication tag I have the following in the child application (I replaced the actual parent address of the application with “parentApp” for privacy):
<authentication mode="Forms">
<forms name=".SSOAuth" loginUrl="parentApp/Login.aspx" path="/" protection="All"/>
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="30"/>
<authorization>
</authorization>
this was used to work just fine before we switched to .net 4.0. can anyone shed some light on why this is no longer working? It is not redirected, and it is also not authenticated on the subsidiary site, even if I manually go to the login page of the parent application and register.
Edit: we never install anything in machine.config. The machineKey tag must be configured in the web.config file.
source
share