4

I am about to deploy my C# MVC AspNet Identity website to production, and I am concerned that the password hash in the db may be specific to the machine that it is created on (like it depends on the machine key)..

Please note that this is a "out the box" implementation of ASP.NET MVC as per the visual studio 2013 template.

It's way too late for me to change to a different authentication provider. Is it safe to move my DB and webserver to another machine, or will all the existing users stop working?

Improve this question
7
  • 1
    I strongly think that existing users will stop working, as their passwords will be different on new machine. What you can do now is to use the same Machine key on the New server. You can add the machine key in the web config. Commented Apr 27, 2015 at 6:10
  • So you are saying that the default asp.net identity hash IS dependant on the machine key in some way? Commented Apr 27, 2015 at 6:14
  • see [this link][1] and [this one][2] for similar responses. [1]: stackoverflow.com/questions/23804505/… [2]: stackoverflow.com/questions/19957176/… Commented Apr 27, 2015 at 6:22
  • Thanks, appreciate the effort Commented Apr 27, 2015 at 6:36
  • Ok, this comes out that you don't need to worry about the password hashing until you are using DEFAULT Asp.net identity authentication. but your post says "password hash in the db is specific to the machine that it is created on", which is confusing for readers. Commented Apr 27, 2015 at 6:36

1 Answer 1

Reset to default
2

Ok, as per the comments above, just for future google-ers - the hash is NOT machine dependant and can be safely moved between servers.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.