Is there any way to not use the <machineKey> and instead provide my own key at runtime?
Trying to find a way to read the key from, say, a SQL database or any centralized store and provide it to FormsAuthentication somehow.
views: 47
answers: 3
+1
A:
You can put a machineKey section in web.config for your application. Is that what you mean?
Jarrett Meyer
2009-11-11 21:00:28
Not really, I need to read it from a key store, say a database or any kind of store.
Cosmin Onea
2009-11-11 21:05:41
+1
A:
You can hook to the HttpApplication.Authenticate event in your global.asax and do your own authentication module that can use any key that you want. Take a look at Mono's FormsAuthenticationModule for an example on how FormsAuthenticationTicket et al. are used to handle the cookie 'lifetime'.
Gonzalo
2009-11-11 21:06:10
This is what I already did, but wanted to know if there is any way to reuse the FormsAuthentication and inject a new key into it.
Cosmin Onea
2009-11-11 21:10:39
Not that I know. Same goes for the validation/encryption key of the form.
Gonzalo
2009-11-11 21:15:09
I don't see how I can use my own key in the auth module. There is no way I can change where the FormsAuthentication class gets the key from. FormsAuthentication provides only Encrypt and Decrypt methods but no SetKey or anything.
Cosmin Onea
2009-11-11 21:23:33
Right, however you can use the same code we use in Mono but replacing the code that reads the key from the configuration with your own code to retrieve the key from wherever you want.
Gonzalo
2009-11-11 21:37:51
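An added example, not part of the thread and not Mono's or ASP.NET's code: one way a custom authentication module of the kind described in the answer above could protect its own cookie payload with keys fetched at runtime rather than from machineKey. `IKeyStore`, `TicketProtector` and the payload layout are assumptions made for this example, and the output is not compatible with FormsAuthentication tickets.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical abstraction: implement it over SQL or any central store. AES key: 16, 24 or 32 bytes.
public interface IKeyStore { byte[] GetEncryptionKey(); byte[] GetValidationKey(); }

public sealed class TicketProtector
{
    private readonly IKeyStore _keys;
    public TicketProtector(IKeyStore keys) { _keys = keys; }

    // Layout (constructed for this example): base64(IV || ciphertext || HMAC-SHA256(IV || ciphertext))
    public string Protect(string userName, DateTime expiresUtc)
    {
        byte[] plain = Encoding.UTF8.GetBytes(expiresUtc.Ticks + "|" + userName);
        using (var aes = Aes.Create()) // a new instance generates a random IV on first read
        using (var enc = aes.CreateEncryptor(_keys.GetEncryptionKey(), aes.IV))
        using (var hmac = new HMACSHA256(_keys.GetValidationKey()))
        {
            byte[] body = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
            return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
        }
    }

    // Returns the user name, or null when the value is malformed, tampered with or expired.
    public string Unprotect(string cookieValue, DateTime nowUtc)
    {
        byte[] all;
        try { all = Convert.FromBase64String(cookieValue ?? ""); } catch (FormatException) { return null; }
        if (all.Length < 16 + 16 + 32) return null; // IV + one cipher block + MAC
        byte[] body = all.Take(all.Length - 32).ToArray();
        using (var hmac = new HMACSHA256(_keys.GetValidationKey()))
        {
            byte[] expected = hmac.ComputeHash(body);
            int diff = 0; // compare every byte so timing does not reveal where a mismatch occurs
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ all[body.Length + i];
            if (diff != 0) return null; // verify the MAC before decrypting anything
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(_keys.GetEncryptionKey(), body.Take(16).ToArray()))
        {
            byte[] plain = dec.TransformFinalBlock(body, 16, body.Length - 16);
            string[] parts = Encoding.UTF8.GetString(plain).Split(new[] { '|' }, 2);
            return new DateTime(long.Parse(parts[0]), DateTimeKind.Utc) > nowUtc ? parts[1] : null;
        }
    }
}
```

A handler for the Authenticate event would call `Unprotect` on the incoming cookie value and set the request's user only when the result is non-null.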
A:
This seems to not be possible. I switched to Windows Identity Foundation.
Cosmin Onea
2009-11-20 00:30:47