3

I have a asp.net 4.5 application with hundreds of existing users. We need to change the machine key used in the web config file. We have arrived at the point where two applications are using the same machine key and when a user logs into one application they are able to get access to the other application that uses the same machine key, despite not having an account!

I'm aware that changing simply changing this machine key will render existing users unable to log into the system.

Can anyone tell me if/how I can update the machine key or the existing users in such a way that I can preserve the existing user base?

I don't know exactly what details folks may need to help me here, so I can expand on this if necessary.

Thanks.

dstewart101
  • 1,084
  • 1
  • 16
  • 38
  • Not sure why existing users would not be able to log in. Existing *already* logged in users would certainly get *logged out*, but I don't see why they would be unable to just log back in. What authentication method are you using? – user1429080 Jan 10 '17 at 13:12
  • forms authentication here. both applications share the same machine key value in the web config. the attributes of validationKey and decryptionKey are the same. we need the users to be able to log into both applications on the same server, at the same time, but both applications are picking up the most recent login in and using that authentication regardless of which application the user logged into. – dstewart101 Jan 10 '17 at 14:21
  • 1
    ok - so found the solution. it seems our applications were sharing the same default cookie. gave them both individual names and now that has fixed the problem. http://stackoverflow.com/questions/14135703/login-logout-issue-for-multiple-iis-applications-under-the-same-site – dstewart101 Jan 10 '17 at 14:47
  • omg YES - replacing this is exactly what I needed to do to force everyone to logout on an app update – Poat May 04 '23 at 15:43

0 Answers0