Developer Workstation Installation

Configure the Machine Keys

Sana Commerce uses statically configured machine key for encryption of Cookies, Forms authentication tickets and the ViewState.

For each project, which is developed with Sana Commerce, a new key should be specified.

• Open the web.config of the Sana Commerce Starter Site project in VS2008
  (do the same for the 'web.config' file of the 'Sana.Commerce.BackOffice' project in VS2008);
• Locate the following lines after '<authentication mode="Forms">' element in appropriate 'system.web' section:
  <machineKey 
  validationKey="DBDB59AC7793A38F3CA621A598723FE4E344631654986E6D710725444A3A5EEA5C4F452EB3A5E5467B4 F739728BF756829070F3C88C2D3B46A8FA10EA0320C2C"
  decryptionKey="D75BD514AD0550502626996AD2AC7A38776B3FA82C2A6B13907FFB0FCC44CA4C"
  validation="SHA1" decryption="AES" />
  
  

  No spaces must be present in the configuration values.

  
  Replace the values of 'validationKey' and 'decryptionKey' attributes with new generated values.

You can use online generator tool accessible here: http://aspnetresources.com/tools/keycreator.aspx For more information on machine key configuration please refer to this article: http://msdn.microsoft.com/en-us/library/ms998288.aspx.

•  Add protection="All" attribute to the '<forms>' element, which is the child of '<authentication>' element (the one that was mentioned in the previous step). After that, it should look similar to the following:
  <forms loginUrl="~/Login.aspx" cookieless="UseCookies" name=".ASPXAUTH_BO" timeout="43200" protection="All" />