Partager via

IIS 7 Tip # 10 You can generate machine keys from the IIS manager

  • Article

The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This works fine for applications that are deployed on a single server. When you use webfarms a client request can land on any one of the servers in the webfarm. Hence you will have to hardcode the validationKey and the decryptionKey on all your servers in the farm with a manually generated key.

There are a lot of articles that describe how to use RNGCryptoServiceProvider to generate a random key. There are also a lot of online tools that generate random keys for you. But I would suggest writing your own script because any one who has access to these keys can do evil things like tamper your forms authentication cookie or viewstate.

With IIS 7 you no longer have to do this manually. The IIS 7.0 manager has a built in feature that you can use to generate these keys.

machinekeys

It uses RNGCryptoServiceProvider internally to create a random key. The value is stored locally in the web.config of that application something like

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <machineKey decryptionKey="F6722806843145965513817CEBDECBB1F94808E4A6C0B2F2,IsolateApps" validationKey="C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45,IsolateApps" />
    </system.web>
</configuration>

You can copy it and paste it in the web.config file of all the servers in the webfarm.

Bookmark and Share

Comments

  • Anonymous
    May 13, 2009
    Thank you for submitting this cool story - Trackback from DotNetShoutout

  • Anonymous
    May 13, 2009
    IIS 7 Tip # 10 You can generate machine keys from the IIS manager たけはらさんのBlog経由の情報。 IIS7の管理ツールからマシンキーの生成ができるんですね。...

  • Anonymous
    May 17, 2009
    Web The Evolution of a Website Design Twitter from ASP.NET IIS 7 Tip # 10 You can generate machine keys

  • Anonymous
    May 17, 2009
    WebTheEvolutionofaWebsiteDesignTwitterfromASP.NETIIS7Tip#10Youcangenera...

  • Anonymous
    July 05, 2012
    Great post but you can generate Online Machine key as well. It offers various algorithms to select for encryption and decryption.. www.a2zmenu.com/.../Machine-Key-Generator.aspx

  • Anonymous
    January 13, 2013
    hehehehe, ana baru tahu ne, tks bro <a href="wisataumrah.com/">Peluang Usaha</a>

  • Anonymous
    January 13, 2013
    hehehehe, ana baru tahu ne, tks bro http://wisataumrah.com/

  • Anonymous
    January 13, 2013
    tks for information, i can do <a href="joinsyariah.com http://joinsyariah.com/?id=001

  • Anonymous
    April 15, 2013
    Thanks - This saved a bunch of time.

  • Anonymous
    December 04, 2014
    Thanks for doing this.  It's a heck of lot more straight forward than any other method I've seen (e.g. support.microsoft.com/.../2915218 ).  I put a comment at the bottom of that KB saying they should simply use your method if you are a sysadmin.  The method in the KB article is ok if you are automating the process.  However, many sysadmins dis-allow any kind of scripting on a production server which is a problem if you need to run a PS script. Thanks again!

  • Anonymous
    December 16, 2014
    travelumrohjakarta.weebly.com

  • Anonymous
    March 07, 2015
    thanks for the info .. visit me http://www.infoumrohhaji.com/

  • Anonymous
    March 28, 2015
    The comment has been removed