What different ways are Machine Keys useful in asp.net? I think the following are correct but thought there may be more.
- Multiple applications can use the same cookie
- Multiple servers can work with the same viewstate
Asked
Active
Viewed 1.7k times
3 Answers
20
MachineKey is used for:
- ViewState encryption and validation
- Forms Authentication (or Federated Authentication) uses this key for signing the authentication ticket
Having a Web App installed on multiple servers requires same Machine Key configured on all of them in order for Load Balancing to work.
To see all details, please refer to: MSDN How To: Configure MachineKey in ASP.NET 2.0
Community
- 1
- 1
Sergiu Damian
- 1,420
- 8
- 10
18
Machine key is also used to encrypt/decrypt the webresources.axd parameters.
Even on a single server the machine key should be configured, because any recycle of the app domain will generate a new key when it is set to auto. This causes the next postback just for pages rendered before the recycle, to cause a viewstate validation error, and also issues with the resources during that time.
eglasius
- 35,831
- 5
- 65
- 110
-3
Encryption - very common.
vajarov
- 1,115
- 2
- 9
- 11
-
The values in the cookies and viewstate are encrypted based on the MachineKey. Could you say what else is being encrypted? – BenMaddox Feb 15 '09 at 13:53
-
f.e. passwords by membership provider could be encrypted using machine key – mikus Apr 16 '12 at 14:48
-
1@mikus: Which is a bad idea. Hashing with a unique salt per user should be used instead. – Matti Virkkunen Jan 09 '15 at 14:25
-
pretty old stuff :D I don't think i meant encryption of user passwords to be stored in db, rather credentials to be used by the system, dont remember now – mikus Jan 09 '15 at 16:41