Last post May 30, 2012 02:08 PM by BoekEenHoek
May 04, 2012 06:19 AM|arefkarimi|LINK
We have two web sites. One ASP.NET MVC 3 and .NET 4, one ASP.NET 4 Web Forms (and EpiServer). They reside on two different folders but in IIS, we have an application pool for each. The app. pools are running under Network_Service account and are .NET 4 Integreated.
In IIS, we have created a web site to run the MVC site. Then under that web site we have created a seperate web application to run the web form site. So if the main site is accsessed via http://www.site.com , the web form site is accsessed through http://www.site.com/sub-site.
We have given same machine keys with same encryption type and .NET 2-compatible cookie etc as well as same application names to both sites. Thus when a user logs in to www.site.com, the ticket (authentication cookie) is shared with the other site so the
user does not need to login to www.site.com/sub-site and they can use the sub-site.
This perfectly works on several development machines and on the staging server. However it does not work on the production server. Unfortunately we do not have much access to the production server so the debugging process is very frustrating.
I read tens of blog posts and forum discussions such as the two ones below but none helped:
I also put these two lines in the web.config (under <appSettings>) :
<add key="aspnet:UseLegacyEncryption" value="true" />
<add key="aspnet:UseLegacyMachineKeyEncryption" value="true" />
I also set the app. pool user of both app. pools to Net_Work service, unchecked the "Auto Generate Keys" in under IIS/Machine key etc. but still when I try to access /sub-site I am redirected back to the login page.
Can someone please help me with this? Here is the server's configraiton:
IIS: version 8.5.7600
Windows: 2008 RS sp 1 64x
May 30, 2012 02:08 PM|BoekEenHoek|LINK
We had the same issue, it was caused by different updates installed on the machines.
About a year ago we had the same issue with another security update on the .net framework see :
And it seems to have happened again with a recent security update, so i bet applying all the updates will fix your issue.