I have created a Membership provider and changed my web.config to
Was a bit of a schlep to go hunting for the "key generator" snippet in the MSDN link Steven Robbins referred to in his answer, so I am adding it here for quick reference. So this is not a standalone answer. It is supplemental to the accepted answer.
FROM MSDN
The following code shows how to generate random key values. Compile the code to create a console application, and then pass the required key size as a command line argument expressed as the desired number of hexadecimal characters. Each byte is represented by two hexadecimal characters; therefore, to request a 32-byte key, pass 64 as a command line argument. If you do not specify an argument, the code returns a 128 hexadecimal character (64-byte) key.
```csharp
using System;
using System.Text;
using System.Security;
using System.Security.Cryptography;

class App {
    static void Main(string[] argv) {
        // Key length in hexadecimal characters (two per byte); default is 128.
        int len = 128;
        if (argv.Length > 0)
            len = int.Parse(argv[0]);

        // Fill the buffer from the cryptographic random number generator.
        byte[] buff = new byte[len / 2];
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) {
            rng.GetBytes(buff);
        }

        // Print the key as upper-case hexadecimal.
        StringBuilder sb = new StringBuilder(len);
        for (int i = 0; i < buff.Length; i++)
            sb.Append(string.Format("{0:X2}", buff[i]));
        Console.WriteLine(sb);
    }
}
```
Also, `<machineKey>` goes inside of `<system.web>`, like this:

```xml
<system.web>
  <machineKey
    validationKey=""
    decryptionKey=""
    validation="SHA1"
    decryption="AES"
  />
</system.web>
```
This is because you are hashing passwords but haven't set specific keys in your web.config. There's a "key generator" snippet in this MSDN article; run it twice and shove them in your web.config as:

```xml
<system.web>
  <machineKey
    validationKey="<blah>"
    decryptionKey="<blah>"
    validation="SHA1"
    decryption="AES"
  />
</system.web>
```
And that should sort you out. It's like this because otherwise you could take your membership database/app to another machine and none of your passwords would work, as the auto-generated machine keys would be different :-)
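
As an added example (not part of either answer or of the MSDN article), the following Python check reads a web.config and reports when `<machineKey>` is missing, left empty or set to AutoGenerate, or carries keys that are not valid hex of an accepted length. The function name `audit_machine_key` is hypothetical, the key-length limits are taken as assumptions from the `<machineKey>` documentation, and the sample configs and keys are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

HEX = re.compile(r"^[0-9A-Fa-f]+$")
# Hex-character lengths as documented for <machineKey>; treat as assumptions.
VALIDATION_RANGE = (40, 128)  # validationKey: 20 to 64 bytes
DECRYPTION_LENGTHS = {"AES": {32, 48, 64}, "3DES": {48}, "DES": {16}}

def audit_machine_key(config_xml):
    """Return a list of findings for the <machineKey> element in config_xml."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    mk = next(root.iter("machineKey"), None)
    if mk is None:
        return ["no <machineKey>: keys are auto-generated per machine"]
    findings = []
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "").strip()
        if not value or value.lower().startswith("autogenerate"):
            findings.append("%s is empty or AutoGenerate" % attr)
        elif not HEX.match(value) or len(value) % 2:
            findings.append("%s is not an even-length hex string" % attr)
    if findings:
        return findings
    vlen = len(mk.get("validationKey").strip())
    if not VALIDATION_RANGE[0] <= vlen <= VALIDATION_RANGE[1]:
        findings.append("validationKey has %d hex chars, expected 40-128" % vlen)
    allowed = DECRYPTION_LENGTHS.get(mk.get("decryption", "").upper())
    dlen = len(mk.get("decryptionKey").strip())
    if allowed and dlen not in allowed:
        findings.append("decryptionKey has %d hex chars, invalid for %s"
                        % (dlen, mk.get("decryption")))
    return findings

# Constructed sample configs; the repeated-byte keys are placeholders, not real keys.
TEMPLATE = ('<configuration><system.web><machineKey validationKey="%s" '
            'decryptionKey="%s" validation="SHA1" decryption="AES" />'
            '</system.web></configuration>')
GOOD = TEMPLATE % ("AB" * 64, "CD" * 32)
EMPTY = TEMPLATE % ("", "")
SHORT_AES = TEMPLATE % ("AB" * 64, "CD" * 20)

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("empty", EMPTY), ("short", SHORT_AES)):
        print(name, audit_machine_key(cfg))
```

Running the same check against every server in a web farm also confirms that all nodes carry identical explicit keys, which is the condition the accepted answer describes for moving the membership database between machines.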