Forms authentication across .Net and .Net 4.5

The guys over at Microsoft have enhanced some of the cryptographic stuff in the .Net framework with the release of .Net 4.5. This does mean that if you're using shared forms authentication across different applications running .Net 4.5 and .Net 4, you'll find that the cookie isn't decrypted correctly. You'll need to add an additional property to the machineKey section of your web.config for the application running under .Net 4.5.


So if your machine key looked like this before:

<machineKey validationKey="xx" decryptionKey="xx" validation="SHA1" decryption="AES"/>

Then it would now look like this:

<machineKey validationKey="xx" decryptionKey="xx" validation="SHA1" decryption="AES" compatibilityMode="Framework20SP2"/>

The default value for this property is Framework45 in .Net 4.5, which is overridden by the value from the web.config, allowing the auth cookie to be shared across the applications.

Obviously, for forms authentication to work successfully in the first place, you still need to ensure that the name, protection, path, validationKey, validation, decryptionKey, and decryption attributes of the web.config are all identical across all applications.
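
One way to check these requirements before deploying, as an added example that is not part of the original post: a Python script that compares the web.config of the .Net 4 application with that of the .Net 4.5 application. The function names, the cookie name `.SHAREDAUTH` and the sample configs are constructed for illustration, and the script assumes the `configuration` element carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Attributes the post says must be identical across all applications.
FORMS_ATTRS = ("name", "protection", "path")
KEY_ATTRS = ("validationKey", "validation", "decryptionKey", "decryption")

# Constructed sample configs; "xx" stands in for the real keys, as in the post.
NET4_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".SHAREDAUTH" protection="All" path="/"/>
  </authentication>
  <machineKey validationKey="xx" decryptionKey="xx" validation="SHA1" decryption="AES"/>
</system.web></configuration>"""
NET45_CONFIG = NET4_CONFIG.replace(
    'decryption="AES"/>', 'decryption="AES" compatibilityMode="Framework20SP2"/>')


def auth_settings(config_xml):
    """Return (shared settings dict, compatibilityMode) for one web.config."""
    root = ET.fromstring(config_xml)
    forms = root.find("system.web/authentication/forms")
    key = root.find("system.web/machineKey")
    forms = forms if forms is not None else ET.Element("forms")
    key = key if key is not None else ET.Element("machineKey")
    settings = {a: forms.get(a) for a in FORMS_ATTRS}
    settings.update({a: key.get(a) for a in KEY_ATTRS})
    return settings, key.get("compatibilityMode")


def check_shared_auth(net4_xml, net45_xml):
    """List the problems that would stop the two apps sharing an auth cookie.

    Only attribute names are reported, so key material never reaches the output.
    """
    s4, _ = auth_settings(net4_xml)
    s45, mode45 = auth_settings(net45_xml)
    problems = [f"{a} differs or is not set explicitly" for a in s4
                if s4[a] is None or s4[a] != s45[a]]
    if mode45 != "Framework20SP2":
        problems.append(f"compatibilityMode on the .Net 4.5 app is {mode45!r}")
    return problems


if __name__ == "__main__":
    print(check_shared_auth(NET4_CONFIG, NET45_CONFIG) or "configs are compatible")
```

An empty list means the two configs meet every condition listed in the post; an attribute left to its default is reported too, so that each shared setting is stated explicitly in both files.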