I'm running an Azure Website. Whenever I deploy, everyone gets logged out because the `machineKey` changes.

I specified the `machineKey` in the `web.config` but this didn't solve the issue. I believe this is because Azure automatically overwrites the `machineKey` [1].

I've found a couple of similar questions here but the answers link to dead links.

So, what's the solution? Surely there's a way to keep users logged in regardless of deployments on Azure.

The MachineKey section can be configured at the machine (Machine.config) or application (Web.config) level and controls the keys and algorithms that are used for Windows Forms authentication, view-state validation, and session-state application isolation.

"validationKey specifies a manually assigned validation key. This value must be manually set to ensure consistent configuration across a network of Web servers (a Web farm). The key must be a minimum of 40 characters (20 bytes) and a maximum of 128 characters (64 bytes) long."

A machine key is a unique key that differentiates one computer from others. This key is used to create a unique identifier when a cookie is created on the client machine from server-side code. This key is generally present in the machine.config file when you install .

Try to reset the machine-key configuration section upon `Application_Start`:

```csharp
// Requires: using System.Configuration; using System.Reflection;
//           using System.Web.Configuration;
protected void Application_Start()
{
    // ...
    var mksType = typeof(MachineKeySection);
    var mksSection = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection;

    // Reset is not public, so it has to be looked up through reflection.
    var resetMethod = mksType.GetMethod("Reset", BindingFlags.NonPublic | BindingFlags.Instance);

    // Copy the existing settings, then override the keys and algorithms.
    var newConfig = new MachineKeySection();
    newConfig.ApplicationName = mksSection.ApplicationName;
    newConfig.CompatibilityMode = mksSection.CompatibilityMode;
    newConfig.DataProtectorType = mksSection.DataProtectorType;
    newConfig.Validation = mksSection.Validation;

    newConfig.ValidationKey = ConfigurationManager.AppSettings["MK_ValidationKey"];
    newConfig.DecryptionKey = ConfigurationManager.AppSettings["MK_DecryptionKey"];
    newConfig.Decryption = ConfigurationManager.AppSettings["MK_Decryption"]; // default: AES
    newConfig.ValidationAlgorithm = ConfigurationManager.AppSettings["MK_ValidationAlgorithm"]; // default: SHA1

    resetMethod.Invoke(mksSection, new object[] { newConfig });
}
```

The above assumes you set the appropriate values in the `<appSettings>` section:

```xml
<appSettings>
  <add key="MK_ValidationKey" value="...08EB13BEC0E42B3F0F06B2C319B..." />
  <add key="MK_DecryptionKey" value="...BB72FCE34A7B913DFC414E86BB5..." />
  <add key="MK_Decryption" value="AES" />
  <add key="MK_ValidationAlgorithm" value="SHA1" />
</appSettings>
```

But you can load your actual values from any configuration source you like.
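
An added example, not part of the original answer: a check that the `MK_ValidationKey` and `MK_DecryptionKey` values are usable fixed keys before they are applied, plus a generator for new ones. It assumes AES decryption as in the settings above; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

public static class MachineKeyCheck // hypothetical helper, not an ASP.NET API
{
    // Returns `byteCount` cryptographically random bytes as a hex string.
    public static string NewHexKey(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    static bool IsHex(string s)
    {
        return !string.IsNullOrEmpty(s) && s.All(Uri.IsHexDigit);
    }

    // Throws if the values cannot serve as fixed keys shared by all instances.
    // Missing settings, "AutoGenerate" and elided placeholders all fail the hex test.
    public static void Validate(string validationKey, string decryptionKey)
    {
        // Length limits quoted on this page: 40 to 128 hex characters (20 to 64 bytes).
        if (!IsHex(validationKey) || validationKey.Length % 2 != 0 ||
            validationKey.Length < 40 || validationKey.Length > 128)
            throw new ArgumentException("validationKey must be 40-128 hex characters.");

        // AES keys are 128, 192 or 256 bits: 32, 48 or 64 hex characters.
        if (!IsHex(decryptionKey) || !new[] { 32, 48, 64 }.Contains(decryptionKey.Length))
            throw new ArgumentException("decryptionKey for AES must be 32, 48 or 64 hex characters.");
    }

    public static void Main()
    {
        // Constructed sample values, generated at run time; only lengths are printed.
        string v = NewHexKey(64), d = NewHexKey(32);
        Validate(v, d);
        Console.WriteLine("generated lengths: " + v.Length + " / " + d.Length);

        // A placeholder copied from documentation is rejected.
        try { Validate("...08EB13BEC0E42B3F0F06B2C319B...", d); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Calling `Validate` at the top of `Application_Start`, before the reset, makes a missing or malformed setting fail at startup instead of surfacing later as invalid cookies.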