Single Sign On for Web Application and Application in Virtual Directory

Question

To enable single sign-on for a web application and a web application in a virtual directory, I set the machinekey in both apps to the same:

<machineKey validationKey="xxx" decryptionKey="yy" validation="SHA1" />

The single sign on works just fine, but existing users can't sign in any more; their passwords are rejected. The machinekey used to be this in the parent application:

<machineKey validationKey="xxx,IsolateApps" decryptionKey="yy,IsolateApps" validation="SHA1" />

I tried other ways to make single sign on work, but it just won't as long as the keys contain "IsolateApps". What am I missing?

I should add that the in the membership provider, passwordFormat is set to "Encrypted". So I assume the password was encrypted using the key that contained "IsolateApps" and now when it tries to validate the password it's using the key without the "IsolateApps". Still not sure how to solve that problem. Is there maybe a way that I can set the encryption keys for the password separately from the one that is used for the authentication cookie?

Answer 1

Prior to setting up single sign on, your existing users passwords will have been encrypted with a different key

When setting up single sign on, you specify the key to use for each website involved in SSO.

This will be different to the autogenerated key

So your users will need to have their passords rencrypted by the new key