According to this article:
Security researchers 'destroy' microsoft asp.net security - The Inquirer
It seems they can break ASP.NET security in under 50 minutes.
Security researchers 'destroy' microsoft asp.net security - The Inquirer
RESEARCHERS have managed to exploit the way in which AES encryption is implemented in Microsoft's ASP.NET software to leave web users' data up for grabs.