问题
I've got 2 applications: a webforms app running .Net 3.5 on IIS6 at subdomain.domain.com, and a MVC3 app running .Net 4 on IIS7 at subdomain2.domain.com.
This helped a lot but it's still not working.
Both apps successfully save the auth cookie at domain.com but neither will read the other app's cookie. In fact, logging into one app will log me out of the other because it overwrites the auth cookie the other had set.
回答1:
Besides requiring identical keys and auth name, there is another issue when the servers are running different versions of .net. In .net 4.0, the default encryption algorithm was changed. In your machinekey section of the web.config, you can explicitly set this as follows:
<machineKey
validationKey="{your key here}"
decryptionKey="{your key here}"
validation="SHA1" />
This is described here:
Breaking Changes
ASP.NET uses both encryption and hashing algorithms to help secure data such as forms authentication cookies and view state. By default, ASP.NET 4 now uses the HMACSHA256 algorithm for hash operations on cookies and view state. Earlier versions of ASP.NET used the older HMACSHA1 algorithm.
Your applications might be affected if you run mixed ASP.NET 2.0/ASP.NET 4 environments where data such as forms authentication cookies must work across.NET Framework versions.
If that doesn't work, another thing to try since you are dealing with servers in different subdomains, and I didn't see it mentioned in that page you linked to, is adding the following to the forms authentication section of your web.config:
<forms domain="mydomain.com" name=..etc.
See some more info on this here: http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
来源:https://stackoverflow.com/questions/6934947/single-sign-on-mvc3-and-webforms