Workaround: Specifying Machine Keys with Windows Azure SDK 1.3

One of the features introduced in Windows Azure SDK 1.3 is the ability to host web roles under full IIS (instead of Hosted Web Core, as in previous SDK releases), that allows customers to host multiple web sites in a single web role. To support multiple web sites, a change was made in SDK 1.3 […]

One of the features introduced in Windows Azure SDK 1.3 is the ability to host web roles under full IIS (instead of Hosted Web Core, as in previous SDK releases), that allows customers to host multiple web sites in a single web role. To support multiple web sites, a change was made in SDK 1.3 to set machineKey element on a per-web-site basis rather than a per-machine basis. This had the unfortunate side effect of overwriting any site-level machineKey elements already specified in web.config.

A new MSDN topic, "Top Windows Azure Support Issues" includes info about this issue, among others. It describes a workaround:

In prior releases, the user could provide an explicit machine key by specifying the machineKey element in the site's web configuration file. Explicit site-level configuration would override the automatic machine-level configuration.

In 1.3 release, automatic configuration occurs at the site-level, overriding any user-supplied value.

Workaround
A workaround is to programmatically update the site-level configuration during role instance start-up.

If you rely on specifying your own machine keys (e.g., if you use a membership provider which encrypts and hashes passwords), please read and apply the workaround.

[Source]