
I have a web site with two endpoints, let's say www.mydomain.com and mydomain.com.

I need my user to stay logged in when he jumps from one domain to another.

For this task I could force my users to log in on one of the domains (let's call it the main one) and, if somebody visits the other, just redirect him to the main domain.

But I have read that I can use Forms Authentication Across Applications and share the same authentication ticket across multiple domains.

So I decided to give this approach a try, but it doesn't work for me. The main question is: why?

What I did:

  1. I generated a new machineKey from this service.
  2. Added it to my web.config.

After this step my old membership provider stopped working correctly. It doesn't validate users with the right passwords.

I suppose it's because all passwords in my current database should be encrypted by values from machineKey section.

Could anybody point me at what I am doing wrong and is it possible to make shared authentication with machineKeys and existing membership database that contains passwords in hashed format?

I also experimented with adding `protection="All"` (I assume that it shouldn't work with hashed passwords because it forces its encryption by machineKeys) and `domain="mydomain.com"` attributes to my `<forms/>` section in web.config, but no luck.

Oleksii Aza
  • Are the passwords hashed or encrypted? If they are hashed, the machine keys shouldn't matter. – Darin Dimitrov Jan 21 '14 at 16:40
  • My membership provider doesn't have a PasswordFormat attribute and I assume that they are hashed. What could be the problem if, when I add the machineKeys section, membership stops working? – Oleksii Aza Jan 21 '14 at 17:13
  • The fact that the passwords are encrypted and not hashed. In this case the machine keys are used to encrypt them. Also could you clarify what you mean by *stop working*? Do you get some exception or it just fails to validate them? – Darin Dimitrov Jan 21 '14 at 17:14
  • When I add machineKey section and call Membership.ValidateUser(login, password) with right credentials - it returns 'false'. If I remove machine keys - it works nicely again. – Oleksii Aza Jan 21 '14 at 19:01
  • I just checked Membership.Provider.PasswordFormat and it returns Hashed. Also in my db Membership.PasswordFormat all values are set to '1'. It's hashed. – Oleksii Aza Jan 21 '14 at 19:25
  • I have the same problem/symptoms as you: adding a machinekey causes existing users to fail to log in. Have you found a solution to this problem? – ChrisW Feb 12 '14 at 14:48
  • No, I didn't find a solution for this problem. – Oleksii Aza Feb 12 '14 at 17:14
  • I asked a similar question and got [a useful answer here](http://stackoverflow.com/a/21733831/49942). My problem was I hadn't specified the old hash algorithm, so it was using the default algorithm; when I added a machinekey that changed/specified the default hash algorithm; so to fix this I needed to specify explicitly the old `hashAlgorithmType` in the `membership` element. – ChrisW Feb 12 '14 at 17:23
  • @DarinDimitrov According to [this answer](http://stackoverflow.com/a/21733831/49942) defining a machinekey might change the default hash algorithm. – ChrisW Feb 13 '14 at 02:09

0 Answers
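To find out which `hashAlgorithmType` the existing rows were written with, as ChrisW's comment suggests pinning, the following added example (not code from the post or from ASP.NET) recomputes a `PasswordFormat = 1` value for a test account whose password you know and reports which algorithm name reproduces the stored hash. It assumes the layout SqlMembershipProvider is understood to use: the hash covers the salt followed by the UTF-16LE password, and for HMAC algorithms the salt is repeated to the key length instead. The function names and sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Names accepted by <membership hashAlgorithmType="...">, mapped to hashlib.
PLAIN = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
# Keyed variants: (digest, default .NET HMAC key length in bytes).
KEYED = {"HMACSHA1": (hashlib.sha1, 64), "HMACSHA256": (hashlib.sha256, 64),
         "HMACSHA512": (hashlib.sha512, 128)}

def encode_password(password, salt_b64, algorithm):
    """Recompute a Hashed (PasswordFormat = 1) value under the assumed layout."""
    salt = base64.b64decode(salt_b64)
    if not salt:
        raise ValueError("PasswordSalt is empty; cannot derive a key from it")
    pw = password.encode("utf-16-le")  # .NET Encoding.Unicode
    if algorithm in KEYED:
        digest, key_len = KEYED[algorithm]
        # Assumption: the salt is repeated (or truncated) to fill the HMAC key.
        key = (salt * (key_len // len(salt) + 1))[:key_len]
        raw = hmac.new(key, pw, digest).digest()
    else:
        raw = PLAIN[algorithm](salt + pw).digest()
    return base64.b64encode(raw).decode("ascii")

def identify_algorithm(password, salt_b64, stored_b64):
    """Return every algorithm name whose output equals the stored Password column."""
    return [name for name in (*PLAIN, *KEYED)
            if hmac.compare_digest(encode_password(password, salt_b64, name), stored_b64)]

# Constructed sample data standing in for one aspnet_Membership row per scheme.
SAMPLE_PASSWORD = "Test-Account-Pw1"
_salt = bytes(range(16))
_pw = SAMPLE_PASSWORD.encode("utf-16-le")
SAMPLE_SALT = base64.b64encode(_salt).decode("ascii")
ROW_OLD = base64.b64encode(hashlib.sha1(_salt + _pw).digest()).decode("ascii")
ROW_NEW = base64.b64encode(hmac.new(_salt * 4, _pw, hashlib.sha256).digest()).decode("ascii")

if __name__ == "__main__":
    print("old row:", identify_algorithm(SAMPLE_PASSWORD, SAMPLE_SALT, ROW_OLD))
    print("new row:", identify_algorithm(SAMPLE_PASSWORD, SAMPLE_SALT, ROW_NEW))
```

An empty result for a known-good password means the row was written under a scheme not in the candidate lists, for example an encrypted rather than hashed format.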