What are the rules for NWebSec.SessionSecurity authenticationKey attribute?


Specifically, the one indicated below:

  <nwebsec>
    <sessionSecurity xmlns="http://nwebsec.com/SessionSecurityConfig.xsd"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:noNamespaceSchemaLocation="NWebsecConfig/SessionSecurityConfig.xsd">
      <sessionIDAuthentication enabled="true"
                               useMachineKey="false"
 ----------------------->      authenticationKey="64char hex string here"/>
    </sessionSecurity>
  </nwebsec>

My questions are:

  • Should I change this value between different deployments of my site?
  • Is this supposed to be a secret? (I assume so but this was not indicated).

Answer by klings (accepted):

The authenticationKey is an alternative to using the machineKey, and should be treated similarly. I.e. you should use different keys for different environments, and you should also keep the key secret.

If you've configured the machineKey for your application, it's recommended to just use that. The authenticationKey was added to support scenarios where the machineKey couldn't be read from config.
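The following is an added example, not code from the question, the answer, or NWebsec itself. It acts on the two points in the answer: it generates an independent authenticationKey per environment from the OS CSPRNG, renders the sessionSecurity element for that environment, and scans the copy of the config that is checked into source control to confirm it carries only the placeholder and never a live key. It assumes (my assumption, not stated on the page) that the key is 32 random bytes written as 64 hex characters, matching the "64char hex string here" placeholder, and that the element lives in the namespace http://nwebsec.com/SessionSecurityConfig.xsd exactly as in the question's snippet.

```python
import re
import secrets
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS = "http://nwebsec.com/SessionSecurityConfig.xsd"
# Assumed key format: 32 bytes as 64 hex characters (matches the placeholder).
KEY_RE = re.compile(r"^[0-9a-fA-F]{64}$")

# Constructed sample: the question's config with its placeholder key, i.e. the
# only form that should ever land in source control.
PLACEHOLDER_CONFIG = """<nwebsec>
  <sessionSecurity xmlns="http://nwebsec.com/SessionSecurityConfig.xsd"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:noNamespaceSchemaLocation="NWebsecConfig/SessionSecurityConfig.xsd">
    <sessionIDAuthentication enabled="true"
                             useMachineKey="false"
                             authenticationKey="64char hex string here"/>
  </sessionSecurity>
</nwebsec>
"""


def generate_authentication_key() -> str:
    """32 bytes from the OS CSPRNG, hex encoded (64 characters)."""
    return secrets.token_hex(32)


def is_valid_key_format(key: str) -> bool:
    """True only for a 64-character hex string; the placeholder and '' fail."""
    return bool(KEY_RE.match(key or ""))


def keys_per_environment(environments):
    """One independent key per environment, so a leak in one stays in one."""
    return {env: generate_authentication_key() for env in environments}


def all_keys_distinct(keys):
    return len(set(keys.values())) == len(keys)


def render_session_security(key: str) -> str:
    """Render the element for one environment's config (the deployed copy, not
    the committed template). useMachineKey is false because a key is supplied
    directly. Refuses anything that is not a well-formed key."""
    if not is_valid_key_format(key):
        raise ValueError("authenticationKey must be 64 hex characters")
    return (
        "<nwebsec>\n"
        f'  <sessionSecurity xmlns="{NS}">\n'
        '    <sessionIDAuthentication enabled="true"\n'
        '                             useMachineKey="false"\n'
        f"                             authenticationKey={quoteattr(key)}/>\n"
        "  </sessionSecurity>\n"
        "</nwebsec>\n"
    )


def committed_config_has_real_key(xml_text: str) -> bool:
    """True if any sessionIDAuthentication element carries a usable key.

    Run this against the checked-in config (for example in a pre-commit hook):
    a hit means a live key has been committed. The placeholder passes."""
    root = ET.fromstring(xml_text)
    for el in root.iter(f"{{{NS}}}sessionIDAuthentication"):
        if is_valid_key_format(el.get("authenticationKey", "")):
            return True
    return False


if __name__ == "__main__":
    keys = keys_per_environment(["dev", "staging", "prod"])
    for env, key in keys.items():
        print(f"--- {env} ---")
        print(render_session_security(key))
    print("committed template leaks a key:",
          committed_config_has_real_key(PLACEHOLDER_CONFIG))
```

The rendered per-environment fragment is what goes into the deployed configuration for that environment (via whatever secret-delivery mechanism the deployment already uses); the template with the placeholder is what stays in the repository, and the scanner is the check that the two never get swapped.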