How to regenerate Azure AppsServices Auth Signing Key (WEBSITE_AUTH_SIGNING_KEY)

Question

Lets say my WEBSITE_AUTH_SIGNING_KEY was compromised.

Is there a way to generate a new one?

I tried going to kudu, opening the console and typing set WEBSITE_AUTH_SIGNING_KEY = new key. It works but as soon as the site is restarted it goes back to the original value.

Edit:

I also tried with:

app.UseAppServiceAuthentication(new AppServiceAuthenticationOptions
            {
                SigningKey = ConfigurationManager.AppSettings["SigningKey"],
                ValidAudiences = new[] { ConfigurationManager.AppSettings["ValidAudience"] },
                ValidIssuers = new[] { ConfigurationManager.AppSettings["ValidIssuer"] },
                TokenHandler =  config.GetAppServiceTokenHandler()
            });

This seems to work (don't know if it is the corret way of doing it). But for Facebook authentication (the endpoint /.auth/login/facebook) it does not use my custom key or valid audience or anything, it uses the defaults and i can't change them. This seems like a bug in Azure maybe which is very annoying and makes the whole thing pretty useless if it can't be changed.

Thanks

Answer 1

According your description, you have:

tried going to kudo, opening the console and typing set WEBSITE_AUTH_SIGNING_KEY = new key

But have you replaced the configuration setting in your portal? Please try to change the WEBSITE_AUTH_SIGNING_KEY setting in your Azure Mobile Apps portal.