
Wednesday, May 16, 2007

DecryptionKey & ValidationKey

By default, you cannot share the same authentication ticket cookie across multiple servers (a web farm) or across multiple applications on the same web server.

·         By default, the Forms authentication cookie is encrypted and signed.

·         By default, each application generates a unique decryption and validation key.

·         Therefore, by default, you can't share the same authentication cookie across applications, whether they run on the same web server or on different web servers.

Here are the default settings for the machineKey element:

<machineKey
  decryption="Auto"
  validation="SHA1"
  decryptionKey="AutoGenerate, IsolateApps"
  validationKey="AutoGenerate, IsolateApps" />

 

 

To share the same authentication cookie across every application hosted on the same web server:

·   Remove IsolateApps from both key values, because it causes a different key to be generated for every application.

 

<machineKey
  decryption="Auto"
  validation="SHA1"
  decryptionKey="AutoGenerate"
  validationKey="AutoGenerate" />

 

To share the same authentication cookie across separate web servers:

·    Specify the decryptionKey and validationKey manually, using the same values on every server.

 

 

<machineKey
  decryption="AES"
  validation="SHA1"
  decryptionKey="306C1FA852AB3B0115150DD8BA30821CDFD125538A0C606DACA53DBB3C3E0AD2"
  validationKey="61A8E04A146AFFAB81B6AD19654F99EA7370807F18F5002725DAB98B8EFD19C711337E26948E26D1D174B159973EA0BE8CC9CAA6AAF513BF84E44B2247792265" />
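
An added example, not part of the original post: a Python sketch that generates a fresh key pair for a farm instead of reusing the sample values above, and audits each node's web.config for the conditions described here (auto-generated keys, malformed keys, nodes that do not share one pair). The function names, the wrap helper, the published set and the expected key lengths (taken from the sample above) are assumptions of this example.

```python
import secrets
import xml.etree.ElementTree as ET

HEX_DIGITS = set("0123456789abcdefABCDEF")
# Assumption: lengths follow the post's sample (64 hex chars for AES, 128 for validation).
EXPECTED_LEN = {"decryptionKey": 64, "validationKey": 128}

def new_machine_key():
    """Build a <machineKey> element with fresh keys from the OS CSPRNG."""
    return ('<machineKey decryption="AES" validation="SHA1" '
            f'decryptionKey="{secrets.token_hex(32).upper()}" '
            f'validationKey="{secrets.token_hex(64).upper()}" />')

def wrap(machine_key_xml):
    """Minimal constructed web.config around one <machineKey> element."""
    return f"<configuration><system.web>{machine_key_xml}</system.web></configuration>"

def audit_farm(configs, published=()):
    """configs maps node name -> web.config text; returns a list of findings."""
    findings, pairs = [], set()
    for node, text in sorted(configs.items()):
        mk = ET.fromstring(text).find(".//machineKey")
        if mk is None:
            findings.append(f"{node}: no <machineKey>, default auto-generated keys apply")
            pairs.add(None)
            continue
        pair = tuple(mk.get(name, "") for name in EXPECTED_LEN)
        pairs.add(pair)
        for name, value in zip(EXPECTED_LEN, pair):
            if "AutoGenerate" in value:
                findings.append(f"{node}: {name} is auto-generated, differs per server")
            elif not set(value) <= HEX_DIGITS or len(value) != EXPECTED_LEN[name]:
                findings.append(f"{node}: {name} is not {EXPECTED_LEN[name]} hex characters")
            elif value.upper() in published:
                findings.append(f"{node}: {name} is a publicly known sample value")
    if len(pairs) > 1:
        findings.append("farm: nodes do not share one key pair")
    return findings

if __name__ == "__main__":
    # Constructed sample input: two nodes, one explicit key pair, one on AutoGenerate.
    shared = wrap(new_machine_key())
    auto = wrap('<machineKey decryptionKey="AutoGenerate" validationKey="AutoGenerate" />')
    print(audit_farm({"web1": shared, "web2": shared}))   # consistent farm
    print(audit_farm({"web1": shared, "web2": auto}))     # web2 still on defaults
```

Passing the key values from any published sample in the published set makes the audit flag a node that was configured by copy and paste.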

 

 

Thanks & Regards,

Arun Manglick

SMTS || Microsoft Technology Practice || Bridgestone - Tyre Link || Persistent Systems || 3023-6258

 
