Generate a Machine Key (IIS 7)

  • Article

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Machine keys protect Forms authentication cookie data and page-level view state data. They also verify out-of-process session state identification. ASP.NET uses the following types of machine keys:

A validation key computes a Message Authentication Code (MAC) to confirm the integrity of the data. This key is appended to either the Forms authentication cookie or the view state for a specific page.

A decryption key is used to encrypt and decrypt Forms authentication tickets and view state.

Prerequisites

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Machine Keys Feature Requirements (IIS 7).

Exceptions to feature requirements

  • None

To generate machine keys

You can perform this procedure by using the user interface (UI), by editing configuration files directly, or by writing WMI scripts.

User Interface

To Use the UI

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, right-click Machine Key, and then click Open Feature.

  3. On the Machine Key page, select an encryption method from the Encryption method drop-down list. The default encryption method is SHA1.

  4. Choose a decryption method from the Decryption method drop-down list. The default decryption method is Auto.

  5. Optionally, configure settings for validation and decryption keys.

  6. In the Actions pane, click Generate Keys, and then click Apply.

Configuration

The procedure in this topic affects the following configuration elements:

  • <machineKey> element, defined in the Machine.config file.

For more information about IISĀ 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.

WMI

Use the following WMI classes, methods, or properties to perform this procedure:

  • MachineKeySection class. Keys are generated by setting properties, so no method is needed.)

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS 7.0 Beta: IIS WMI Provider Reference on the MSDN site.

See Also

Concepts

Configuring Machine Keys in IIS 7