Generate Machine Key For Web Config

/ Comments off

Is machine key required for a web application with single page using view state

May 08, 2017 01:10 PMragavalliLINK

  1. When you specify the same key in your web.config, the value of machine key specified in the machine.config is overridden by the one you have specified in the web.config file. Further Reading Replace the ASP.NET machineKey in ASP.NET Core - The implementation of the machineKey element in ASP.NET is replaceable.
  2. Generate Secure Machine Key Section for Web.config via PowerShell Machine Keys are used in ASP.NET for securing machines that are part of a web farm as well as for sharing encrypted application session and state information.
  3. Setting Up the Machine Key Directly in the Web.config File If you do not have access to the IIS management console, it is still possible to set-up a machine key for an Orchard application. To do so, open the web.config file that is at the root of the Orchard web site.
  4. Apr 26, 2011  Due to the nature of these keys, generating them is a perfect task for the computer. So in this article I'll present code that will generate a valid element with unique key attributes that you can use in your own web.config file. A MachineKey Generator Class. Listing 1 shows my MachineKey class.

I have created a web forms .net application which has jut got one page with four input fields.

A list of purposes for the data. If this value is specified, the same list must be passed to the Unprotect(Byte, String) method in order to decipher the returned ciphertext. For example, to protect or unprotect an authentication token, you could call the method using code like the following.

I am storing the input parameters in the view state to be available between post backs.

This application is now deployed onto live server which is actually load balanced between two servers.
When I load the page, it works fine. But this application is going to be used by
10,000 users.

There is no machine key on the web.config file for this application. I read in a documentation when a application
is loaded on a web farm(when load balanced between two servers), a machine key is required to preserve
view state information.

So I tried to generated a machine key on my local host with the following settings
Encryption method: SHA1
Decryption method: auto
Validation key:
Automatically generate at runtime (unchecked)
Generate a unique key for each application (unchecked)

Decryption key:
Automatically generate at runtime (unchecked)
Generate a unique key for each application (unchecked)

Generate Machine Key For Web.config

I used the generated keys on the web.config of live server, but the application fails to load trying to load the login
page which is not my start page.

C# Generate Machine Key

So my questions are:
1) Do I really need a machine key as the application is loading without it?
2) When thousands of users use the applicaiton page at the same time, is it alright without machine key?
3) If machine key is required, how is it generated and what encryption method, validation key and decryption key
parameters need to be used?