How to generate a hash key for SSL sessions in web.config?

Discussion in 'ASP.NET / ASP.NET Core' started by thirdboxcar, May 20, 2009.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. Pardon my floundering in stuff that's way over my head in advance, I'm very new to ASP.net.

    I've inherited a site that I've chosen to host on DiscountASP.net, and the only bit I cannot get working correctly are two pages, specifically, that need to use secure sessions to access and process data. The rest of the site works beautifully.

    I believe I've located the source of the issue, but have no idea how to solve the problem. In the web.config file, my SessionState connection is as follows:

    Code:
    <sessionState mode="SQLServer" allowCustomSqlDatabase="true" sqlConnectionString="Data Source=tcp:sql2k802.discountasp.net;Initial Catalog=SQL2008_623370_****;User ID=SQL2008_623370_****_user;Password=****;" cookieless="false" timeout="20" />
    And, where I believe the problem lies, there are the following lines in a custom section of the web.config file:

    Code:
        <!-- STANDARD CONFIGURATION VALUES -->
        <add key="PROJECT" value="****" />
        <add key="VERSION" value="1.0" />
        <!-- SESSION CLASS -->
        <add key="LAST_ACCESS_INTERVAL_MINUTES" value="2" />
        <!-- ENCRYPTION -->
        <add key="KEY" value="18uR3#t^\!/fI()4" />
        <add key="IV" value="3#t#$d90jfFFsdi#" />
    Those values for KEY and IV came hard-coded in the web.config file. I am manually editing the config file, as I don't even have access to a Windows machine at this time, let alone one set up to manage this site/application.

    My question is, do I need to regenerate those KEY and IV values above? Is there a command I can use to auto-generate the hash values? I believe this is how the application is authenticating the sessions. Is there a way I can do it manually? I'm guessing that those values will need to be updated now that I'm using a new host/server/database.

    When I remove the KEY and IV lines of code, the pages in question take forever to load and error out (Server Error in '/' Application. The resource cannot be found), but when I leave them in, it takes forever to load, but eventually gets to the page, after a minute or more. Often, it will boot me out of the admin section (where one of the pages in question is located) before the action I'm trying to do (delete an instance from the database, or mark it as dealt with) can be completed.

    I sure hope someone understands this! Thank you!!
     
  2. I'm a little confused on what you are trying to do. Are you trying to encrypt your SQL session state? What sections in your web.config file are you trying to encrypt?
     
  3. Bruce

    Bruce DiscountASP.NET Staff

    I think the encryption you use is custom code. It is very difficult for us to help because we don't know how your application works.
     
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page