How to set machineKey on Azure Website

耶瑟儿~ 2020-12-08 00:37

I'm running an Azure Website. Whenever I deploy, everyone gets logged out because the machineKey changes.

I specified the machineKey in th

3 answers
  • 2020-12-08 01:14

    Try to reset the machine-key configuration section upon Application_Start:

    // At the top of Global.asax.cs:
    using System.Configuration;
    using System.Reflection;
    using System.Web.Configuration;

    protected void Application_Start()
    {
        // ...

        // Locate the live <machineKey> section and its non-public Reset method.
        var mksType = typeof(MachineKeySection);
        var mksSection = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection;
        var resetMethod = mksType.GetMethod("Reset", BindingFlags.NonPublic | BindingFlags.Instance);

        // Build a replacement section, copying the settings that are not being overridden.
        var newConfig = new MachineKeySection();
        newConfig.ApplicationName = mksSection.ApplicationName;
        newConfig.CompatibilityMode = mksSection.CompatibilityMode;
        newConfig.DataProtectorType = mksSection.DataProtectorType;
        newConfig.Validation = mksSection.Validation;

        // Take the keys and algorithms from <appSettings> instead of <machineKey>.
        newConfig.ValidationKey = ConfigurationManager.AppSettings["MK_ValidationKey"];
        newConfig.DecryptionKey = ConfigurationManager.AppSettings["MK_DecryptionKey"];
        newConfig.Decryption = ConfigurationManager.AppSettings["MK_Decryption"]; // default: AES
        newConfig.ValidationAlgorithm = ConfigurationManager.AppSettings["MK_ValidationAlgorithm"]; // default: SHA1

        // Overwrite the live section with the replacement values.
        resetMethod.Invoke(mksSection, new object[] { newConfig });
    }
    

    The above assumes you set the appropriate values in the <appSettings> section:

    <appSettings>
      <add key="MK_ValidationKey" value="...08EB13BEC0E42B3F0F06B2C319B..." />
      <add key="MK_DecryptionKey" value="...BB72FCE34A7B913DFC414E86BB5..." />
      <add key="MK_Decryption" value="AES" />
      <add key="MK_ValidationAlgorithm" value="SHA1" />
    </appSettings>
    

    But you can load your actual values from any configuration source you like.

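The code in the answer above passes whatever `ConfigurationManager.AppSettings` returns straight into the section, including `null` for a missing key. The following is an added example, not part of the answer or of ASP.NET: a hypothetical `MachineKeySettingsCheck` helper that validates the four `MK_*` values, and can generate fresh keys, before they are applied. The length limits are the documented `machineKey` ranges; requiring AES and an `HMACSHA*` validation algorithm is this example's own policy.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Added example: hypothetical helper, not part of the answer's code.
public static class MachineKeySettingsCheck
{
    // New random key of byteCount bytes from the OS CSPRNG, as hex.
    public static string NewHexKey(int byteCount)
    {
        var buffer = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(buffer);
        return BitConverter.ToString(buffer).Replace("-", "");
    }

    // A missing appSettings entry comes back as null, so null fails here too.
    private static bool IsHex(string s)
    {
        return !string.IsNullOrEmpty(s) && s.Length % 2 == 0 && s.All(Uri.IsHexDigit);
    }

    // Returns the problems found; an empty list means the values can be applied.
    // Messages name the setting only, never the key material.
    public static List<string> Validate(string validationKey, string decryptionKey,
                                        string decryption, string validationAlgorithm)
    {
        var problems = new List<string>();
        if (!IsHex(validationKey) || validationKey.Length < 40 || validationKey.Length > 128)
            problems.Add("MK_ValidationKey: expected 40 to 128 hex characters");
        if (!string.Equals(decryption, "AES", StringComparison.OrdinalIgnoreCase))
            problems.Add("MK_Decryption: expected AES (policy of this example)");
        if (!IsHex(decryptionKey) || !new[] { 32, 48, 64 }.Contains(decryptionKey.Length))
            problems.Add("MK_DecryptionKey: expected 32, 48 or 64 hex characters for AES");
        if (validationAlgorithm == null ||
            !validationAlgorithm.StartsWith("HMACSHA", StringComparison.OrdinalIgnoreCase))
            problems.Add("MK_ValidationAlgorithm: expected HMACSHA256/384/512 (policy of this example)");
        return problems;
    }

    // Fail closed: refuse to start rather than run with unusable keys.
    public static void ThrowIfInvalid(string validationKey, string decryptionKey,
                                      string decryption, string validationAlgorithm)
    {
        var problems = Validate(validationKey, decryptionKey, decryption, validationAlgorithm);
        if (problems.Count > 0)
            throw new InvalidOperationException("machineKey settings rejected: " + string.Join("; ", problems));
    }
}
```

Call `MachineKeySettingsCheck.ThrowIfInvalid(...)` with the four values just before `resetMethod.Invoke(...)`. `NewHexKey(64)` and `NewHexKey(32)` produce a 128-character validation key and a 64-character AES decryption key.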
  • 2020-12-08 01:22

    I had the same issue and in my case I was using the webdeploy to Azure wizard in VS13. I thought I was going crazy as I would set the machinekey in the web.config and then it would be changed on the deployed web.config to autogenerate. It is something in the webdeploy script/settings. My solution was to open the live Azure site from within VS13 using the Server Explorer and then editing the web.config and saving changes. This preserved my settings with my supplied keys and all works fine.

  • 2020-12-08 01:36

    If Azure is rewriting your machineKey, you can't do much about it, as it is part of their infrastructure. However, there are other methods.

    Override FormsAuthentication

    This should not be difficult, as you can easily look up the source code of FormsAuthentication, create your own logic, and replace MachineKey with your own key stored in web.config or in your database.

    Custom Authentication Filter

    The simplest way would be to create a filter and check, verify, encrypt and decrypt cookies in your filter. You need to do this in the OnAuthorization method and create a new instance of IPrincipal and set IsAuthenticated to true if decryption was successful.

    OAuth

    1. Enable OAuth and create OAuthProvider. However you will need to host OAuthProvider on server that is in your control as that will need machineKey working.
    2. Enable Third Party OAuth, if you enable OAuth with Google, Facebook etc, it will be easy as user will be redirected to OAuth provider and they will continue to login automatically and a new session will be established.