I have created an application in ASP.NET MVC 5. Now I need to deploy the application on the server. Will my existing passwords work in ASP.NET Identity 2 when I deploy? Or do I need to use the same machine key that I have in my client machine?
Asked
Active
Viewed 4,730 times
1 Answers
12
You do not need to set the machine key for passwords. The machine key is used for encryption/decryption (ViewState, Session, Cookies, etc.) not for hashing.
If you are using multiple instances of the application (think Azure Cloud Service) then you'll want to set the machine key so that cookies and auth tickets can be used across instances.
Josh
- 1,724
- 13
- 15
-
But how they hashes then? – Imran Qadir Baksh - Baloch May 24 '14 at 08:06
-
It's fairly straightforward and you can read about it here: http://stackoverflow.com/questions/19957176/asp-net-identity-password-hashing – Josh May 24 '14 at 08:44
-
Let's say that I use one instance. When designing for Azure, I should assume that the instance is ephemeral, shouldn't I? In this case would I get an instance with a different machine key and the auth tickets will become invalid? – tymtam Jun 28 '16 at 02:47
-
If you machine encrypted items to survive, you need to specify the key. – Josh Jun 29 '16 at 14:13