views:

76

answers:

2

I'm hashing passwords for an app I'm building using this method. I'm using the same database for development and staging while developing the app. The problem is none of the credentials work on the staging box, they work fine on my development box. Are the salt and hash values machine specific?

+3  A: 

This could be related to machineKey differences between your development and staging boxes. These keys are used in some hashing algorithms. By default autogenerated values are used in machine.config and you may need to override them with some fixed values which are the same between the two servers.

Darin Dimitrov
+4  A: 

Hi, It may be because the machineKey section in your web.config file are not in sync. By default, the values are 'AutoGenerate' and so the two boxes will have generated different decryptionkeys. Check out the section labelled "Configuring machineKey to Encrypt Forms Authentication Tickets" here. Basically, you need to create your own decryption key (or download a small generator) which you use in both boxes' web.config file instead of 'AutoGenerate'.

keyboardP