private void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(ticket), new string[0]);
}
}
validation="SHA1" decryption="AES"
compatibilityMode="Framework20SP1" />
Since you're in 4.5 and since you're manually issuing the cookie and since you're already intercepting the cookie, then you're not really using the forms auth HTTP module at all. I'd remove that for now. Also, change your module to handle AuthenticateRequest. See how that works.
Then once you do get it working, I'd scrap it all in favor of claims and using the SessionAuthenticationModule which is new and built into 4.5. It is far simpler and will serialize all of your roles into a cookie for you.
http://msdn.microsoft.com/zh-cn/library/system.identitymodel.services.sessionauthenticationmodule(v=vs.110).aspx
5
Make sure that the machineKey compatibility mode is the same between all applications:
<machineKey compatibilityMode="Framework20SP1" />
(The above is the default for 2.0 / 4.0 applications but is not the default for 4.5 applications, so it will have to be set explictly in the 4.5 application.)