Single Server Deployment

Configure the Machine Keys

Sana Commerce uses statically configured machine key for encryption of Cookies, Forms authentication tickets and the ViewState.

For each project, which is developed with Sana Commerce, a new key should be specified.

• Open the web.config of the Sana Commerce Starter Site project in VS2008
  (do the same for the 'web.config' file of the 'Sana.Commerce.BackOffice' project in VS2008);
• Locate the following lines after '<authentication mode="Forms">' element in appropriate 'system.web' section:
  <machineKey 
  validationKey="FB5B11E2E1F0C247D70272FCF752B5F04481682792BA7E55E3BECC98E45BEC444978E13359E5F6601FF 06EF05D25264934E2AC8CCE8F1EA5DA9BD2228D630D27"
  decryptionKey="C871C312E854B047D3DF040B476F60BB493A05855C7E3700165F6B70E3BCE2C5"
  validation="SHA1" decryption="AES" />
  
  

  No spaces must be present in the configuration values.

  
  Replace the values of 'validationKey' and 'decryptionKey' attributes with new generated values.

You can use online generator tool accessible here: http://aspnetresources.com/tools/keycreator.aspx For more information on machine key configuration please refer to this article: http://msdn.microsoft.com/en-us/library/ms998288.aspx.

•  Add protection="All" attribute to the '<forms>' element, which is the child of '<authentication>' element (the one that was mentioned in the previous step). After that, it should look similar to the following:
  <forms loginUrl="~/Login.aspx" cookieless="UseCookies" name=".ASPXAUTH_BO" timeout="43200" protection="All" />