Developer Workstation Installation

Sana Commerce uses statically configured machine key for encryption of Cookies, Forms authentication tickets and the ViewState.

For each project, which is developed with Sana Commerce, a new key should be specified:

Step 1: Open the web.config of the Sana Commerce Starter Site project in Visual Studio or any text editor
(do the same for the 'web.config' file of the 'Sana.Commerce.BackOffice' project).

Step 2: Locate the following lines after '<authentication mode="Forms">' element in appropriate 'system.web' section:

<machineKey validationKey="F91A2816C7568504BDD2B728A6F8A0055159889EAD93C6A9A95AAEB942922F8A46DDF7D1EEBB E34C8D9DBC2877D0544906B28 484CC8A8527281785475879B5B2" decryptionKey="F286B25216693E27F23F044CC37CF6FD39CDC7AD2BE7BB600113752896E17507" validation="SHA1" decryption="AES" />

No spaces must be present in the configuration values.

Replace the values of 'validationKey' and 'decryptionKey' attributes with new generated values. 

You can use online generator tool accessible here: http://aspnetresources.com/tools/keycreator.aspx For more information on machine key configuration please refer to this article: http://msdn.microsoft.com/en-us/library/ms998288.aspx.

Step 3: Add protection="All" attribute to the '<forms>' element, which is the child of '<authentication>' element (the one that was mentioned in the previous step). After that, it should look similar to the following:

<forms loginUrl="~/Login.aspx" cookieless="UseCookies" name=".ASPXAUTH_BO" timeout="43200" protection="All" />