This project is read-only.

Set session authenticationKey in code

Oct 7, 2014 at 10:08 AM
Edited Oct 7, 2014 at 10:08 AM

Is it possible to set the authenticationKey in code insted of web.config ?

We use Azure websites and I want the key to be in appsettings on the portal.

Oct 7, 2014 at 10:57 AM

no it's currently not possible to set the authentication key through other means than web.config. The authentication key configuration option is primarily there for medium trust applications, where NWebsec is unable to access the machine key.

If you're relying on the machinekey for other purposes, (Forms/WIF-cookies) I'd recommend going for the "useMachineKey" option. Let me know if this works for you.

I do realize that they recommend storing your secrets in appsettings for Azure Websites:

It should be fairly easy to add support for reading the authenticationKey from an appsetting, I'll make the change if that's needed now in the age of the cloud.
Oct 7, 2014 at 12:05 PM
When I use "useMachneKey" to true I get the "A validation key must be explicitly set in the machineKey configuration, or you can disable the use of machine key and specify a separate "authenticationKey" in config." error.

Then I have to set the authenticationKey directly in the web.config I would like not have keys like this in the web.config but to use AppSettings, when working with Azure websites.
If it is not much work to add this feature than I would appreciate you could do that.

Oct 7, 2014 at 2:32 PM
Ah, yes, that makes sense.

I'll add the new feature to my backlog.
Oct 9, 2014 at 11:27 PM
This has been fixed in the latest release. See the docs to learn how it works:
Oct 10, 2014 at 11:27 AM
Thanks for quick reply an quick fix :-)