Search code examples
asp.netweb-configmembership-providermachinekey

Creating a web farm - ASP.Net machineKey causes membership logons to fail

We are implementing a load balancer for our web site for redundancy purposes so if website 1 goes down, the load balancer will send all traffic to server 2 and vice versa.

I have implemented a machineKey that I generated in the web.config, but in doing so have broken my membership logins.

From what I've read, the provider should default to "hash" unless I have the provider set to "encrypted" and this shouldn't have affected my login, but it has. I can't seem to log in anymore, receiving an invalid password error.

Here is my relevant web.config code:

<machineKey
    validationKey="A181A9E1960ABFC9DF3F2D8AAC8597FFDCA69A87591B5D89D0A539A21AC543022680DFBF181BACC37533D15FCA59A0E4E1A2AA748A268FFED48AAFED00C8BA7A"
    decryptionKey="7366076C8BE16F2DA3AF9642071A136E5D8386ECA7659347560063474AFF61BB"
    validation="SHA1"
    decryption="AES" />
<membership defaultProvider="DefaultMembershipProvider">
    <providers>
    <add name="DefaultMembershipProvider"
        type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        connectionStringName="ClientRunner"
        enablePasswordRetrieval="false"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="false"
        requiresUniqueEmail="false"
        maxInvalidPasswordAttempts="5"
        minRequiredPasswordLength="6"
        minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="10"
        applicationName="/" />
    </providers>
</membership>

What am I doing wrong here?

Solution

  • I'm not exactly sure why this worked for me, but what I ended up doing was to modify my web.config like so:

    <membership defaultProvider="DefaultMembershipProvider" 
    hashAlgorithmType="HMACSHA256">

    and

    <machineKey
    validationKey="50E5BFCB171748F86DA392AC55D5217EDEFCE43C9B6D192C5265D8F0CDDC86CECBA42040C408B7B71EAD6A4CE669545AAFDE76BBA42CA44203223A7ADC442D1E"
    decryptionKey="EE9C03B1D922639AB7BA3C00E8C993BD8F6D27635B07979DF09F8C174C91CA65"
    validation="MD5" decryption="Auto" />

    The existing membership info seems to be allowing me to sign in now.