Last post Jul 07, 2017 03:20 AM by Cathy Zou
Jul 06, 2017 11:53 AM|Ethan0k|LINK
I've a website build with ASP.NET 2.0 AND SECURITY=FORMS
I want to upgrade ASP.NET version so I've changed .NET version to 4.5 but after this cannot login.
Removing restriction on web.config I've tried to create new user but when try to login also this fail.
Jul 07, 2017 03:20 AM|Cathy Zou|LINK
According to official document. Asp.net use both encryption and hashing algorithms to help secure data such as forms authentication cookies and view state. By default, asp.net 4 now uses the HMACSHA256 algorithm for hash operations on cookies and view state.
Earlier versions of asp.net used the older HMACSHA1 algorithm.
You application might be affected if you run mixed asp.net 2.0/asp.net 4.5 environment where data such as forms authentication cookies must work across .net framework versions. To configure an asp.net 4.5 we application to sue older HMACSHA1 algorithm, add
the following setting in the web.config file.