
An ASP.NET forms authentication ticket becomes invalid when the application pool recycles. The reason is that the machine key is used to encrypt the ticket and, in the default configuration, a new key is generated when the app pool is restarted.

So we need to specify a static machine key. This is how to do it.

Add the following to the system.web section of your root web.config (or the machine-wide web.config, if possible):

<machineKey
    validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
    decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
    validation="SHA1"
    decryption="AES"
/>

Do the following to generate the random keys. DO NOT USE THE VALUES GIVEN ABOVE.

Create a console app with the following code:

using System;
using System.Text;
using System.Security.Cryptography;

namespace KeyGenerator
{
    class Program
    {
        static void Main(string[] args)
        {
            // Key length in hex characters; 128 by default (64 random bytes).
            int len = 128;
            if (args.Length > 0)
                len = int.Parse(args[0]);

            // Two hex characters encode one byte.
            byte[] buff = new byte[len / 2];

            // Fill the buffer from the cryptographic random number generator.
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
            rng.GetBytes(buff);

            // Hex-encode the bytes in upper case, as used in web.config.
            StringBuilder sb = new StringBuilder(len);
            for (int i = 0; i < buff.Length; i++)
                sb.Append(string.Format("{0:X2}", buff[i]));

            Console.WriteLine(sb);
            Console.ReadLine(); // keep the console window open
        }
    }
}

Run the app once without any command line argument to generate the SHA1 validation key and add it to the validationKey value (make sure there are no line breaks within the value in the web.config).

Then run the exe with 64 as a command line argument to generate the AES decryption key and add it to the decryptionKey value in the web.config. That's it!
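As an added example (not code from the original post), the following check can be run against a machineKey element before deploying it. It assumes the key lengths generated above (128 hex characters for validationKey, 64 for decryptionKey); the class name MachineKeyCheck and the sample input built in Main are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class MachineKeyCheck
{
    // decryptionKey printed in the post's sample; it is public, so it must never be deployed.
    const string PublishedSample = "ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F";

    // Returns one message per problem; an empty list means the element passed.
    public static List<string> Check(XElement machineKey)
    {
        var problems = new List<string>();
        CheckKey(machineKey, "validationKey", 128, problems); // length generated with no argument
        CheckKey(machineKey, "decryptionKey", 64, problems);  // length generated with argument 64
        return problems;
    }

    static void CheckKey(XElement e, string name, int hexLen, List<string> problems)
    {
        string v = (string)e.Attribute(name);
        if (v == null || v.StartsWith("AutoGenerate", StringComparison.OrdinalIgnoreCase))
            problems.Add(name + ": missing or AutoGenerate, so tickets will not survive a recycle");
        else if (v.Any(char.IsWhiteSpace))
            problems.Add(name + ": contains whitespace (line break inside the value?)");
        else if (!v.All(Uri.IsHexDigit))
            problems.Add(name + ": contains non-hex characters");
        else if (v.Length != hexLen)
            problems.Add(name + ": " + v.Length + " hex characters, expected " + hexLen);
        else if (v.Equals(PublishedSample, StringComparison.OrdinalIgnoreCase))
            problems.Add(name + ": is the sample value published in the post");
    }

    static void Main()
    {
        // Constructed input: validationKey wrapped across two lines, decryptionKey copied from the post.
        string xml = "<machineKey validationKey=\"" + new string('A', 64) + "\n" + new string('B', 64) +
                     "\" decryptionKey=\"" + PublishedSample + "\" validation=\"SHA1\" decryption=\"AES\" />";
        foreach (string p in Check(XElement.Parse(xml)))
            Console.WriteLine(p);
    }
}
```

The XML parser turns a line break inside an attribute value into a space, which is why a wrapped key is reported as containing whitespace.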

For more info, see http://msdn.microsoft.com/en-us/library/ff649308.aspx
