Developer Workstation Installation

Configure the Machine Keys

Sana Commerce uses statically configured machine key for encryption of Cookies, Forms authentication tickets and the ViewState.

For each project, which is developed with Sana Commerce, a new key should be specified.

• Open the web.config of the Sana Commerce Starter Site project in VS2008
  (do the same for the 'web.config' file of the 'Sana.Commerce.BackOffice' project in VS2008);
• Locate the following lines after '<authentication mode="Forms">' element in appropriate 'system.web' section:

<machineKey validationKey="C0AF5B216DB4F516A42B02BD024A35A1794E932C9F5095243358F8E506B140B2E1CE8AD 4E24939D9A7F4DEFEF022DDB96C1577C4DC4E17789CAF772297C02DB9" decryptionKey="A56ABC8C3369897ACA7BDF5E3A633B838C9865DE88C3207CD1F4DC39A40AB534" validation="SHA1" decryption="AES" />

No spaces must be present in the configuration values.

Replace the values of 'validationKey' and 'decryptionKey' attributes with new generated values.

You can use online generator tool accessible here: http://aspnetresources.com/tools/keycreator.aspx For more information on machine key configuration please refer to this article: http://msdn.microsoft.com/en-us/library/ms998288.aspx.

• Add protection="All" attribute to the '<forms>' element, which is the child of '<authentication>' element (the one that was mentioned in the previous step). After that, it should look similar to the following:

<forms loginUrl="~/Login.aspx" cookieless="UseCookies" name=".ASPXAUTH_BO" timeout="43200" protection="All" />