Or to edit a store to introduce a specific key?
My goal is to set a key from a legacy ASP.NET Webforms site that uses the Membership provider. As such it has a MachineKey element in web.config where a ValidationKey is specified.
If I could have this key set in .NET Core Data Protection, I believe I could then implement a password hash using code similar to the example given here: https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing?view=aspnetcore-2.1. With the correct key set, I should then be able to produce hashes matching those for the legacy site.
But it seems like the entire philosophy of Data Protection is that it sets the keys for you automatically and you should have nothing to do with them. Is there a way around this?
EDIT:
In ASP.NET WebForms, using the Membership provider to hash passwords for users, I have the following entry in my web.config:
<system.web>
<machineKey validationKey="*********"
decryptionKey="*********"
validation="HMACSHA256"
decryption="AES" />
</system.web>
When a password is hashed, the value in the "validationKey" attribute is involved in the hashing, isn't it? If the validationKey was different, then given the same password/salt combination, the produced hash would be different? Or is this where I'm going wrong?
If the above is correct, then my question is, how do I use the same key value in ASP.NET Core, so that when I hash with the same password/salt combination I produce the same hash as I have in my legacy database? How do I provide .NET Core with the validationKey value in order to hash? Or it's not even involved?