Back

Explore Courses Blog Tutorials Interview Questions
0 votes
1 view
in Azure by (45.3k points)

I'm working on an MVC3 site, and I've got a puzzling problem with ASP.NET Membership. I'm using System.Web.Providers 1.0.1 connected to a SQL Azure database.

As it is now, the same username/password that logs me in when running under the Compute Emulator fails when running under Azure proper. I can see that it's using the right database, as the Failed Password Attempts counter in the membership database is being updated.

1 Answer

0 votes
by (16.8k points)

I tracked it down, thanks to some info in this article by David Hoerster. The problem is that the default password hashing algorithm on Azure is different from the .NET 4.0 defaults. It is set to SHA1 on Azure, and HMACSHA256 is the new standard setting on 4.0.

This can be fixed by specifying the hash type explicitly in web.config. If you decide to use a method like HMACSHA256, make sure you also specify a machine key - otherwise you will run into similar problems as the autogenerated machine key will differ from server to server.

The configuration element you need to change is <machinekey> under <system.web>:

<machineKey decryptionKey="PUT_DECRYPTION_KEY_HERE"

            validationKey="PUT_VALIDATION_KEY_HERE"

            decryption="AES"

            validation="HMACSHA256" />

You can use this machine key generator to generate random keys in the proper format.

Welcome to Intellipaat Community. Get your technical queries answered by top developers!

28.4k questions

29.7k answers

500 comments

94.1k users

Browse Categories

...