Install Sana Commerce Webshop on Web and Database Server

Open 'Install Sana Commerce Webshop on Web and Database Server' wizard, choose your solution and scenario to see more provider-related information.

Configure the Machine Keys

Sana Commerce uses statically configured machine key for encryption of Cookies, Forms authentication tickets and the ViewState.

For each project, which is developed with Sana Commerce, a new key should be specified:

Step 1: Open the web.config of the Sana Commerce Starter Site project in Visual Studio or any text editor
(do the same for the 'web.config' file of the 'Sana.Commerce.BackOffice' project).

Step 2: Locate the following lines after '<authentication mode="Forms">' element in appropriate 'system.web' section:

<machineKey validationKey="F91A2816C7568504BDD2B728A6F8A0055159889EAD93C6A9A95AAEB942922F8A46DDF7D1EEBB E34C8D9DBC2877D0544906B28 484CC8A8527281785475879B5B2" decryptionKey="F286B25216693E27F23F044CC37CF6FD39CDC7AD2BE7BB600113752896E17507" validation="SHA1" decryption="AES" />
No spaces must be present in the configuration values.

Replace the values of 'validationKey' and 'decryptionKey' attributes with new generated values. 

You can use online generator tool accessible here:
For more information on machine key configuration please refer to this article:

Step 3: Add protection="All" attribute to the '<forms>' element, which is the child of '<authentication>' element (the one that was mentioned in the previous step). After that, it should look similar to the following:

<forms loginUrl="~/Login.aspx" cookieless="UseCookies" name=".ASPXAUTH_BO" timeout="43200" protection="All" />