After the code is released, one sign between our two sites stops working. Both sites operate on different subdomains of the same domain. Subdomain x was used as a server sign for all other applications. I canβt completely turn my head around why this is so. In web.config, for both sites, the machine keys and decryption keys are the same. Validation is set to SHA1, and decryption is set to AES. Authentication configuration reads:
X
<authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" /> </authentication>
At
<authentication mode="Forms"> <forms loginUrl="https://x.domain.com/Account/LogOn" timeout="2880" protection="All" name="Domain.ASPXAUTH" path="/" domain="domain.com" defaultUrl="http://x.domain.com/" /> </authentication>
SSO worked fine until this morning. I'm not quite sure what has changed with the release of the code, and I am having problems with this. These two applications currently work in different application pools (one of them is .net 4.0 and y -.net 2.0), and when I switched them to use the same application pool, SSO worked. However, this is not an option, since one of the libraries used on the other site works only on .NET 2.0. I also tried to force the machines and decryption keys, as well as the verification and decryption algorithms in the IIS7 manager on both the top and website, without success.
When trying to go to y.domain.com after switching to x.domain.com, the browser is redirected back to the login page, and the following exception is in the event log:
Form authentication failed for request. Reason: ticket provided is not valid.
Any ideas?
illvm source share