Saturday 27 October 2012

Generate Machine Keys from IIS Manager


Generate Machine Keys from IIS Manager

 

 

The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption.

By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This works fine for applications that are deployed on a single server. When you use webfarms a client request can land on any one of the servers in the webfarm. Hence you will have to hardcode the validationKey and the decryptionKey on all your servers in the farm with a manually generated key.

There are a lot of articles that describe how to use RNGCryptoServiceProvider to generate a random key. There are also a lot of online tools that generate random keys for you. But I would suggest writing your own script because any one who has access to these keys can do evil things like tamper your forms authentication cookie or viewstate.

With IIS 7 you no longer have to do this manually. The IIS 7.0 manager has a built in feature that you can use to generate these keys.

It uses RNGCryptoServiceProvider internally to create a random key. The value is stored locally in the web.config of that application something like :


<?xml version="1.0" encoding="UTF-8"?>
<configuration> 

<system.web> 

<machineKey decryptionKey="F6722806843145965513817CEBDECBB1F94808E4A6C0B2F2,IsolateApps" validationKey="C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69

FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45,

IsolateApps"/> </system.web>
</configuration>  

You can copy it and paste it in the web.config file of all the servers in the webfarm.

No comments:

Post a Comment

Thank You for Your Comments. We will get back to you soon.

back to top