UPDATE: This blog post was briefly unavailable; we've published an update on why it was taken down.
Several months ago, we wrote a blog post about why we think ASP.NET forms authentication is broken. The post describes how the cookie encryption in ASP.NET tends to change with Windows updates and patches, the problems it causes for a platform like AppHarbor, and the steps we take to mitigate those problems.
In the comments, we promised to share our solution to the breakage in ASP.NET forms authentication. That solution is to replace it entirely with our own authentication implementation. This gives you complete control over how the session cookies are created, so that there's no way they'll be affected by changes to the .NET Framework or other pieces of the infrastructure.
We have chosen to share this by open sourcing an authentication class library and a bare-bones ASP.NET MVC application with a fairly complete authentication implementation. It's available on GitHub; go take a look now.
The README has details on how to integrate the authentication implementation in your own project. You can also refer to the sample for inspiration.
Once this solution has been available for public scrutiny for a while and we're confident that it is sound, we will package the authentication library up as a NuGet package to ease installation.
Let us know how this works out for you in the comments, and feel free to get in touch if you encounter any problems.
Image credit: Brocken Inaglory