Posts

ASP.Net decrypt a domain authorisation cookie - "Unable to validate data"

Given two ASP.Net web applications running on the same server and in the same application pool, why would one be unable to decrypt the ASP.Net authorisation cookie written by the other? There's nothing special going on, just standard ASP.Net forms authentication over HTTPS - but one application will not decrypt the cookie. Create a new, empty ASP.Net MVC application, copy the decryption code from the offending application and it decrypts the cookie with a smug look on its face. Perhaps it's EPiServer CMS that's causing the issue? It's being used by the offending application. Add EPiServer CMS to the now-not-empty ASP.Net MVC application and it's decrypting like a pro. Arrgh! Several days' worth of searching the internet and it's desperation time - Single Sign On isn't this difficult! A line-by-line comparison of web.config for the applications reveals two subtle and not obviously relevant differences; the system.web/compilation node doesn't have a ta...