You lost me a bit there... writing and reading it back, and persisting the signature?
To try to cover the base I think I see: ASP.NET uses a single encryption key for all sessions, until you change the values in the web.config file (which I think requires a reboot).
I was thinking that the signature needed to be kept on the server, away from the attacker, because they could simply re-sign the message, but now I realize that checking the signature first would prevent the routine from ever getting to the decrypt algorithm, and thus no information would be leaked, so the attack would fail.
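The ordering the post lands on (verify the signature before the ciphertext ever reaches the decrypt and unpad routine) is easy to see in code. The following is an added example, not code from the post or from ASP.NET: an encrypt-then-MAC token with two receivers, one that checks the HMAC first and one that decrypts and unpads first. The block cipher is a constructed 4-round Feistel stand-in for AES so the example runs on the Python standard library alone; the keys and plaintext are likewise constructed sample values. The `error_classes` helper flips the byte that feeds the final plaintext byte through every value and collects the distinct error messages the receiver returns, which is the information a "decrypt first" receiver leaks and a "verify first" receiver does not.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size in bytes, same as AES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, half, i):
    # HMAC-SHA256 as the Feistel round function, truncated to a half block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    # Constructed 4-round Feistel network standing in for AES so the example
    # needs no third-party package. Not a secure cipher; the point here is the
    # order of the MAC check, not the block cipher.
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        L, R = R, _xor(L, _round(key, R, i))
    return L + R


def block_decrypt(key, block):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        L, R = _xor(R, _round(key, L, i)), L
    return L + R


def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, c), prev)
        prev = c
    return out


def seal(enc_key, mac_key, plaintext):
    # encrypt-then-MAC: the tag covers the IV and the whole ciphertext
    iv = secrets.token_bytes(BLOCK)
    ct = cbc_encrypt(enc_key, iv, pad(plaintext))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def _split(token):
    return token[:BLOCK], token[BLOCK:-32], token[-32:]


def open_mac_first(enc_key, mac_key, token):
    # Safe order: verify first. A tampered token never reaches decrypt/unpad,
    # so every rejection looks the same to the sender.
    iv, ct, tag = _split(token)
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("invalid token")
    return unpad(cbc_decrypt(enc_key, iv, ct))


def open_decrypt_first(enc_key, mac_key, token):
    # Unsafe order: decrypt and unpad before verifying, so a padding failure
    # surfaces as a different error than a MAC failure.
    iv, ct, tag = _split(token)
    plaintext = unpad(cbc_decrypt(enc_key, iv, ct))
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("invalid token")
    return plaintext


def error_classes(open_fn, enc_key, mac_key, token):
    # Flip the last byte of the block preceding the final ciphertext block
    # (it XORs into the final plaintext byte) through every non-zero delta and
    # collect the distinct error messages the receiver gives back.
    iv, ct, _ = _split(token)
    idx = len(iv + ct) - BLOCK - 1
    seen = set()
    for delta in range(1, 256):
        t = bytearray(token)
        t[idx] ^= delta
        try:
            open_fn(enc_key, mac_key, bytes(t))
        except ValueError as e:
            seen.add(str(e))
    return seen


def demo():
    enc_key = b"constructed-enc-key-for-example!"  # constructed sample keys
    mac_key = b"constructed-mac-key-for-example!"
    token = seal(enc_key, mac_key, b"attack at dawn")  # constructed sample plaintext
    return {
        "roundtrip": open_mac_first(enc_key, mac_key, token),
        "mac_first": error_classes(open_mac_first, enc_key, mac_key, token),
        "decrypt_first": error_classes(open_decrypt_first, enc_key, mac_key, token),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the receiver that verifies first answers every tampered token with the single message `invalid token`, while the receiver that decrypts first answers with two distinct messages, `bad padding` for most deltas and `invalid token` for the one delta that happens to produce valid padding. That second behaviour is exactly the distinguishable response the post is worried about, and it disappears once the MAC check runs before anything is decrypted.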