
FormsAuthentication encrypt / decrypt


I have 2 applications, one called www.domain.dk and one called m.domain.dk.

Both of them have a login function (identical), but if you log in on m.domain.dk and go to www.domain.dk then it needs to remember that you have already logged in.

And here comes the problem..

www throws an error saying that it can't validate the data from the cookie set by the m site, so I started debugging the code and found out that when www is encrypting the FormsAuthenticationTicket, the encrypted string is 64 characters longer than when the m site does it.

The following part from the web.config is identical for both projects:

<machineKey validationKey="CF3D..." decryptionKey="A56..." validation="SHA1" decryption="AES" />

<authentication mode="Forms">
  <forms name=".ASPXAUTH" domain=".domain.dk" timeout="20" enableCrossAppRedirects="true" path="/" protection="All" cookieless="UseCookies" />
</authentication>

The following code is from the login function:

var ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(20), false, string.Empty, "/");
var hashCookies = FormsAuthentication.Encrypt(ticket);

www is an old site, so my question is mainly: are there any other things that can affect "FormsAuthentication.Encrypt" other than those I have in my web.config?


Solution

  • The solution was to add

    compatibilityMode="Framework20SP1"

    to the MachineKey tag
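
To check which machineKey settings each site really runs with, the handler below prints the effective values so the output from www and m can be diffed. It is an added example, not code from the original post. The class name `MachineKeyDiag` and the user name `diag-user` are hypothetical, and it assumes both sites compile against .NET 4.5 or later.

```csharp
// Added diagnostic (not from the original post). Deploy temporarily to both
// sites, request it from the server itself, diff the two outputs, then remove it.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Configuration;
using System.Web.Security;

public class MachineKeyDiag : IHttpHandler   // hypothetical name
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Only answer requests made from the server itself.
        if (!context.Request.IsLocal) { context.Response.StatusCode = 404; return; }

        var mk = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");
        var rt = (HttpRuntimeSection)WebConfigurationManager.GetSection("system.web/httpRuntime");

        // Constructed, fixed ticket so the encrypted length is comparable between sites.
        var issued = new DateTime(2020, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        var ticket = new FormsAuthenticationTicket(1, "diag-user", issued,
            issued.AddMinutes(20), false, string.Empty, "/");
        string encrypted = FormsAuthentication.Encrypt(ticket);

        var sb = new StringBuilder();
        sb.AppendLine("runtime           : " + Environment.Version);
        sb.AppendLine("targetFramework   : " + rt.TargetFramework);
        // An unset compatibilityMode can resolve differently per site
        // (it follows httpRuntime targetFramework), so print the effective value.
        sb.AppendLine("compatibilityMode : " + mk.CompatibilityMode);
        sb.AppendLine("validation        : " + mk.ValidationAlgorithm);
        sb.AppendLine("decryption        : " + mk.Decryption);
        sb.AppendLine("validationKey fp  : " + Fingerprint(mk.ValidationKey));
        sb.AppendLine("decryptionKey fp  : " + Fingerprint(mk.DecryptionKey));
        sb.AppendLine("ticket length     : " + encrypted.Length);

        context.Response.ContentType = "text/plain";
        context.Response.Write(sb.ToString());
    }

    // Short SHA-256 fingerprint so keys can be compared without printing them.
    private static string Fingerprint(string key)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(key ?? string.Empty)), 0, 4);
    }
}
```

If `compatibilityMode` or `ticket length` differs between the two outputs, the sites are not protecting the ticket the same way even though the keys and algorithms match.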