3

I'm using asp.net mvc 5 together with Identity2, standard login/password authentication, with "remember me" checkbox.

Imagine the scenario:

  • user logs in (standard auth cookie)
  • application is redeployed
  • user needs to relogin again.

Questions:

  1. Is it possible not to relogin after deploy?
  2. Sometimes, after deploy when you refreshes a page, that requires authorized access - it displays correctly, but if you refresh the second time - it redirects to login page.

All these happens when deployed to IIS7, locally on IIS Express everything is ok.

Sergey
  • 55
  • 2
  • 7

1 Answers1

9

The reason that you have to relogin is because the machine key changes. The machine key encryption is used to encrypt and decrypt the authentication cookie. Since the existing cookie cannot be decrypted the user is deemed unauthorized and needs to login again.

To overcome this you can manually set the machine key in the applications web.config

There is a good online tool by Developer Fusion which can generate these for you. Below is an example of one...

<machineKey 
  validationKey="B4A19ABE93A27433785DD47D6444E4B59394E220641D339AEE453D701F202140FF2BF519CED40335A0563AFB494A48DDF1A8DA00D462B42813712D21342B28C2"
  decryptionKey="2488146C1EA8177EB75422FE6FB6188550EBD0E4B67FCFD33056E50AD9771040"
  validation="SHA1" decryption="AES"

/>

Now everytime you redeploy the keys never change.

Hope this helps.

heymega
  • 9,215
  • 8
  • 42
  • 61
  • But why user is not signed out then, when the application is run on localhost after making changes to code and compiling it again? That also recycles the application pool? – Muhammad Adeel Zahid Mar 24 '16 at 19:58
  • When the application is run on localhost, even after making changes and compiling, the machine key does not change. – Joel Tipke Dec 02 '17 at 00:33