Generate Machine Key Web.config

6 Jul 2011 CPOL
The machine key is a unique key that helps protect your Forms Authentication cookies and page-level view state.

By default, the machine key is auto-generated unless you specify it directly in Web.config. However, if you just let the machine key be auto-generated, what happens is that if you move your site to a different server, the machine key is different and therefore it cannot decrypt the passwords, and all your accounts would be locked out.

Jun 11, 2012  The script looks for the key being set in machine.config, so if you have it set in IIS Manager, then it's being set in the root web.config file. Modify the script to use web.config instead of machine.config for the config file path.

Introduction

Jul 31, 2012  Easiest way to generate MachineKey. My team wants to set this value at a higher level than the web.config in case one of our developers forgets to add the machine key to the web.config. I understand the security risks of this, but that was the decision that was made. Thanks for any advice!

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

The machine key is a unique key that helps protect your Forms Authentication cookies and page-level view state. When a user sends a request, Server A responds with a Forms Authentication cookie. If the user's next request is received by Server B, Server B attempts to decrypt the cookie and fails, because Server A and Server B each use their own unique machine key. To avoid this problem, use the same machine key on all servers.

Dec 21, 2009  The IsolateApps modifier causes ASP.NET to generate a unique key for each application on your server by using the application ID of each application. You can override the protection attribute setting for all Web applications on the server by using the machine-level Web.config file or, for a specific application, by using its Web.config file.

Apr 15, 2009  MachineKey in web.config. There are a few scenarios in which you want to add MachineKey to your web application's web.config:

  • You have a web farm and on each server the machine.config is set to auto-generate the machine key.
  • You want to use the "Encrypted" password format in the ASP.NET membership provider.

Generate Machine Key in IIS7

Let's walk through how to generate a machine key for a web site.

  • Open IIS Manager from Administrative Tools -> Internet Information Services Manager.
  • In the Connections pane on the left side of the window, click on the website.
  • Double-click the Machine Key icon.
  • You will see the Machine Key page. The default encryption method is SHA1; you can change it from the dropdown list.
  • Click on Generate Keys from Actions pane from left side of IIS window.
  • Click Apply.
  • A message is shown in the Alerts pane: 'The changes have been successfully saved.'
  • Open your Web.config file; you will find the <machineKey> element inside the <system.web> section.

Web.Config

Note: Apply this machine key on all web farm servers; this is my generated machine key.
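A way to confirm that every farm server really carries the same explicit machine key, as the note above requires. This is an added example, not code from the original article: the server names and Web.config contents are constructed, the key values are placeholders, and the check assumes a missing key attribute means auto-generation.

```python
import hashlib
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")
ALGO_ATTRS = ("validation", "decryption")

def machine_key_fingerprint(web_config_xml):
    """Return (fingerprint, problems) for one Web.config document."""
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        # No element: the server falls back to its own auto-generated keys.
        return None, ["no <machineKey>: keys are auto-generated per server"]
    problems = []
    for attr in KEY_ATTRS:
        # Assumption: an absent attribute is treated as auto-generated.
        value = mk.get(attr, "AutoGenerate")
        if "AutoGenerate" in value:
            problems.append(f"{attr} uses AutoGenerate")
        if "IsolateApps" in value:
            problems.append(f"{attr} uses IsolateApps")
    # Hash the settings so the report never contains key material.
    material = "|".join(mk.get(a, "") for a in KEY_ATTRS + ALGO_ATTRS)
    return hashlib.sha256(material.encode()).hexdigest()[:16], problems

def audit_farm(configs):
    """configs: {server name: Web.config text}. Returns a list of findings."""
    findings, prints = [], {}
    for server, xml_text in sorted(configs.items()):
        fp, problems = machine_key_fingerprint(xml_text)
        prints[server] = fp
        findings += [f"{server}: {p}" for p in problems]
    if len(set(prints.values())) > 1:
        findings.append("machineKey differs between servers: " +
                        ", ".join(f"{s}={fp}" for s, fp in prints.items()))
    return findings

# Constructed sample input; the key values are placeholders, not real keys.
EXPLICIT = ('<configuration><system.web><machineKey validation="SHA1" '
            'decryption="AES" validationKey="AA11" decryptionKey="BB22" />'
            '</system.web></configuration>')
AUTO = ('<configuration><system.web><machineKey '
        'validationKey="AutoGenerate,IsolateApps" '
        'decryptionKey="AutoGenerate,IsolateApps" /></system.web></configuration>')

if __name__ == "__main__":
    for line in audit_farm({"server-a": EXPLICIT, "server-b": AUTO}):
        print(line)
```

An empty findings list means every server has an explicit, identical machineKey; the fingerprints let you compare servers without copying the keys into a report.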


Create Web Config File

The implementation of the <machineKey> element in ASP.NET is replaceable. This allows most calls to ASP.NET cryptographic routines to be routed through a replacement data protection mechanism, including the new data protection system.

Package installation

Note

The new data protection system can only be installed into an existing ASP.NET application targeting .NET 4.5.1 or later. Installation will fail if the application targets .NET 4.5 or lower.

To install the new data protection system into an existing ASP.NET 4.5.1+ project, install the package Microsoft.AspNetCore.DataProtection.SystemWeb. This will instantiate the data protection system using the default configuration settings.


When you install the package, it inserts a line into Web.config that tells ASP.NET to use it for most cryptographic operations, including forms authentication, view state, and calls to MachineKey.Protect. The line that's inserted reads as follows.


Tip

You can tell if the new data protection system is active by inspecting fields like __VIEWSTATE, which should begin with 'CfDJ8' as in the example below. 'CfDJ8' is the base64 representation of the magic '09 F0 C9 F0' header that identifies a payload protected by the data protection system.
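The check described in the tip can be automated against a rendered page. The following is an added example, not code from the original documentation: the HTML pages and field values are constructed samples, and the function names are hypothetical.

```python
import base64
from html.parser import HTMLParser

MAGIC = bytes.fromhex("09F0C9F0")  # header named in the tip above

class HiddenFields(HTMLParser):
    """Collect name -> value for <input type="hidden"> elements."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields[a.get("name")] = a.get("value") or ""

def is_data_protection_payload(value):
    """True if the base64 value decodes to bytes starting with MAGIC."""
    # Accept base64 and base64url, and restore any stripped padding.
    b64 = value.strip().replace("-", "+").replace("_", "/")
    b64 += "=" * (-len(b64) % 4)
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    return raw.startswith(MAGIC)

def viewstate_protected(html):
    """Return True/False for the page's __VIEWSTATE, or None if absent."""
    parser = HiddenFields()
    parser.feed(html)
    value = parser.fields.get("__VIEWSTATE")
    return None if value is None else is_data_protection_payload(value)

def make_sample(header, body=b"\x00" * 20):
    """Build a constructed field value (not a real protected payload)."""
    return base64.b64encode(header + body).decode()

# Constructed pages: one with the magic header, one without it.
NEW_PAGE = ('<form><input type="hidden" name="__VIEWSTATE" value="%s" /></form>'
            % make_sample(MAGIC))
OLD_PAGE = ('<form><input type="hidden" name="__VIEWSTATE" value="%s" /></form>'
            % make_sample(b"\xff\x01\x0f\x0f"))

if __name__ == "__main__":
    print(viewstate_protected(NEW_PAGE), viewstate_protected(OLD_PAGE))
```

Decoding the value and comparing bytes is more reliable than matching the 'CfDJ8' string prefix alone, because it also rejects fields that are not valid base64.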


Package configuration

The data protection system is instantiated with a default zero-setup configuration. However, since by default keys are persisted to the local file system, this won't work for applications which are deployed in a farm. To resolve this, you can provide configuration by creating a type which subclasses DataProtectionStartup and overrides its ConfigureServices method.

Below is an example of a custom data protection startup type which configures both where keys are persisted and how they're encrypted at rest. It also overrides the default app isolation policy by providing its own application name.

Tip

You can also use <machineKey applicationName='my-app' .. /> in place of an explicit call to SetApplicationName. This is a convenience mechanism to avoid forcing the developer to create a DataProtectionStartup-derived type if all they wanted to configure was setting the application name.


To enable this custom configuration, go back to Web.config and look for the <appSettings> element that the package install added to the config file. It will look like the following markup:

Fill in the blank value with the assembly-qualified name of the DataProtectionStartup-derived type you just created. If the name of the application is DataProtectionDemo, this would look like the below.


The newly-configured data protection system is now ready for use inside the application.