问题
I have create a Membership provider and changed my web.config to
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider"
type="Khafan.Providers.SqlMembershipProvider"
connectionStringName="KhafanConnectionString"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="4"
passwordStrengthRegularExpression=""
passwordFormat="Hashed"
enablePasswordReset="true"
enablePasswordRetrieval="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true" />
</providers>
</membership>
but now, whenever I try to browse to security page of ASP.Net Configuration it gives me the following error:
Hashed or Encrypted passwords are not supported with auto-generated keys
In my database I have used Identity for my PKs. I don't know it is the problem or not. But if it is, how can I solve it? I don't want to change Identity values.
Thanks.
回答1:
This is because you are hashing passwords but haven't set specific keys in your web.config. There's a "key generator" snippet in this MSDN article, run it twice and shove them in your web.config as:
<system.web>
<machineKey
validationKey="<blah>"
decryptionKey="<blah>"
validation="SHA1"
decryption="AES"
/>
And that should sort you out. It's like this because otherwise you could take your membership database/app to another machine and none of your passwords would work, as the auto generated machine keys would be different :-)
回答2:
Was a bit of a schlep to go hunting for the "key generator" snippet in the MSDN link Steven Robbins referred to in his answer, so I am adding it here for quick reference. So this is not a standalone answer. It is supplemental to the accepted answer.
FROM MSDN
The following code shows how to generate random key values. Compile the code to create a console application, and then pass the required key size as a command line argument expressed as the desired number of hexadecimal characters. Each byte is represented by two hexadecimal characters; therefore, to request a 32-byte key, pass 64 as a command line argument. If you do not specify an argument, the code returns a 128 hexadecimal character (64-byte) key.
using System;
using System.Text;
using System.Security;
using System.Security.Cryptography;
class App {
static void Main(string[] argv) {
int len = 128;
if (argv.Length > 0)
len = int.Parse(argv[0]);
byte[] buff = new byte[len/2];
RNGCryptoServiceProvider rng = new
RNGCryptoServiceProvider();
rng.GetBytes(buff);
StringBuilder sb = new StringBuilder(len);
for (int i=0; i<buff.Length; i++)
sb.Append(string.Format("{0:X2}", buff[i]));
Console.WriteLine(sb);
}
}
Also, <machineKey> goes inside of <system.web>, like this:
<system.web>
<machineKey
validationKey=""
decryptionKey=""
validation="SHA1"
decryption="AES"
/>
来源:https://stackoverflow.com/questions/546861/hashed-or-encrypted-passwords-are-not-supported-with-auto-generated-keys