Set session authenticationKey in code

Oct 7, 2014 at 9:08 AM
Edited Oct 7, 2014 at 9:08 AM
Hello,

Is it possible to set the authenticationKey in code insted of web.config ?

We use Azure websites and I want the key to be in appsettings on the portal.

Regards
Rune
Coordinator
Oct 7, 2014 at 9:57 AM
Hi,

no it's currently not possible to set the authentication key through other means than web.config. The authentication key configuration option is primarily there for medium trust applications, where NWebsec is unable to access the machine key.

If you're relying on the machinekey for other purposes, (Forms/WIF-cookies) I'd recommend going for the "useMachineKey" option. Let me know if this works for you.

I do realize that they recommend storing your secrets in appsettings for Azure Websites: http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure

It should be fairly easy to add support for reading the authenticationKey from an appsetting, I'll make the change if that's needed now in the age of the cloud.
Oct 7, 2014 at 11:05 AM
When I use "useMachneKey" to true I get the "A validation key must be explicitly set in the machineKey configuration, or you can disable the use of machine key and specify a separate "authenticationKey" in config." error.

Then I have to set the authenticationKey directly in the web.config I would like not have keys like this in the web.config but to use AppSettings, when working with Azure websites.
If it is not much work to add this feature than I would appreciate you could do that.

Regards
Rune
Coordinator
Oct 7, 2014 at 1:32 PM
Ah, yes, that makes sense.

I'll add the new feature to my backlog.
Coordinator
Oct 9, 2014 at 10:27 PM
This has been fixed in the latest release. See the docs to learn how it works: https://nwebsec.codeplex.com/wikipage?title=Configuring%20session%20security
Oct 10, 2014 at 10:27 AM
Thanks for quick reply an quick fix :-)