3

I have deployed an asp.net mvc 5 website to our client's testing server and got the following error when i browsed to a page with a form on it:

"Decryption key specified has invalid hex characters"

Looking at the stack trace i can see that this is caused by the anti forgery token used on the forms which uses: System.Web.Security.Cryptography.MachineKeyMasterKeyProvider.GenerateCryptographicKey().

I fixed this issue by adding the the machine key element to the web.config, as described in the first answer to this question, and many others.

Having read up on this issue on StackOverflow, and elsewhere, i can't understand why it would be necessary on the server i deployed to. It seems that explicitly defining the machine key in the web.config should only be a requirement if the server is part of a 'web farm' but the environment i deployed to was a single server. In addition neither myself or any other developers i work with have had this issue when running the site locally or on our internal development server.

Can anyone help me to understand why adding the machine key to the web.config would be necessary on a single server setup? Could it be to do with a setting on the server itself?

Ideally i'd like to not have to specify the machine key but my primary concern is to get a full understanding of what might be the cause of this error.

Any suggestions or information would be welcome

Community
  • 1
  • 1
dotcentric-samb
  • 121
  • 13

1 Answers1

0

I've run into this issue and without being able to change the machine.config file I had to update the local web.config at the web app level to include the machineKey node and overwrite machine level values. Interesting enough at first I tried only including the decryption and validation keys which didn't work:

<machineKey decryptionKey="513A71A2266CD92E99AA2970F18AE3F8A14DE3625BDD5792FB4AC15F9004693D" validationKey="FBC9407A7ECE1C60741B44303670247CBE2E08B0658ED1031CF4A2582BDDFA4CD2E27201B083A5DF39C56C2D5B91674BD4FAB2EE644FB067D2C43633D3E6A724" />

Including the machine key with both the decryption and validation keys and specifying the decryption and validation algorithms fixed the issue for me:

<machineKey decryptionKey="513A71A2266CD92E99AA2970F18AE3F8A14DE3625BDD5792FB4AC15F9004693D" validationKey="FBC9407A7ECE1C60741B44303670247CBE2E08B0658ED1031CF4A2582BDDFA4CD2E27201B083A5DF39C56C2D5B91674BD4FAB2EE644FB067D2C43633D3E6A724" validation="SHA1" decryption="AES" />

I hope this is of help to someone!

Canica
  • 2,650
  • 3
  • 18
  • 34