Single Server Deployment

Configure the Machine Keys

Sana Commerce uses statically configured machine key for encryption of Cookies, Forms authentication tickets and the ViewState.

For each project, which is developed with Sana Commerce, a new key should be specified.

• Open the web.config of the Sana Commerce Starter Site project in VS2008
  (do the same for the 'web.config' file of the 'Sana.Commerce.BackOffice' project in VS2008);
• Locate the following lines after '<authentication mode="Forms">' element in appropriate 'system.web' section:

<machineKey validationKey="B19439999BE2452FE8925408CBDD773D55C00824A929A3263CADF649EA8A5654B96F3F 764025D3DE3D318EA158DD48489EC74265BD1736B036267AAE8A012B5E" decryptionKey="591F099B4D8E7F11441479A31F5281FF183199EFE6D9E19E703F8B910A7483F1" validation="SHA1" decryption="AES" />

No spaces must be present in the configuration values.

Replace the values of 'validationKey' and 'decryptionKey' attributes with new generated values. 

You can use online generator tool accessible here: http://aspnetresources.com/tools/keycreator.aspx For more information on machine key configuration please refer to this article: http://msdn.microsoft.com/en-us/library/ms998288.aspx.

•  Add protection="All" attribute to the '<forms>' element, which is the child of '<authentication>' element (the one that was mentioned in the previous step). After that, it should look similar to the following:

<forms loginUrl="~/Login.aspx" cookieless="UseCookies" name=".ASPXAUTH_BO" timeout="43200" protection="All" />