A personal repository of technical notes. - CSC

KB2418241 MS10-070 Breaks Forms Authentication Ticket Sharing Between v1.1 and v2.0

Problem
Shared forms authentication between ASP.NET 1.1 and 2.0 stopped working after installing Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Received the following error in Application Event Viewer after authenticating in a v1.1 web page and then browsing to a v2.0 web page:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.

Solution
As of 11/1/2010: Apply Hotfix KB2433751.

"KB2433751 - Form Authentication Ticket Compatibility Issue with MS10-070 - Home." MSDN Code Gallery - Home. Web. 01 Nov. 2010.
<http://code.msdn.microsoft.com/KB2433751>.

Note: Download NDP1.1sp1-KB2433751-X86.exe worked with Windows XP.

References
"MS10-070: Description of the Security Update for the Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and on Windows XP." Microsoft Support. Web. 01 Nov. 2010.
<http://support.microsoft.com/kb/2418241>.

"FIX: Forms Authentication Cookies Compatibility Issue between .NET Framework 1.1 and .NET Framework 2.0 SP2 ASP.NET Applications after You Apply the Security Update from Security Bulletin MS10-070." Microsoft Support. Web. 01 Nov. 2010.
<http://support.microsoft.com/kb/2433751>.

"KB2433751 - Form Authentication Ticket Compatibility Issue with MS10-070 - Home." MSDN Code Gallery - Home. Web. 01 Nov. 2010.
<http://code.msdn.microsoft.com/KB2433751>.

"Legacy Encryption Mode and Microsoft .NET Framework 1.1 - ASP.NET Forums." Forums.asp.net : The Official Microsoft ASP.NET Forums. Web. 01 Nov. 2010.
<http://forums.asp.net/t/1609592.aspx>.

No comments:

Post a Comment