Error: The 'validation' attribute is invalid. Enum must be one of MD5, SHA1, 3DES, AES
Recently I worked with one of the customer who was having a SharePoint website hosted on his Windows Server 2008 R2 (IIS 7.5) environment.
This site was configured to use Machine Key setting validation="HMACSHA256" which according to thisblog, is an acceptable value included with .NET 4.0.
From within IIS Manager, browsing to the Machine Key icon, we receive the below error message:
Machine Key
---------------------------
There was an error while performing this operation.
Details:
Filename: \\?\C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config
Line number: 419
Error: The 'validation' attribute is invalid. Enum must be one of MD5, SHA1, 3DES, AES
This does not occur in a Windows Server 2012 and higher (IIS 8.X) environment. However, the same issue is reproducible in Windows Server 2008 R2.
Resolution
The error we are getting is because of Aspnet_Schemafile not having the validation attribute defined. The .NET framework itself supports it (4.0+) as you would have seen in the link below:
https://msdn.microsoft.com/en-us/library/vstudio/w8h3skw9(v=vs.100).aspx
Is there an Impact?
If we use the encryption, decryption method as HMACSHA256 in our application, although the IIS UI throws an error, the application should still work.
How do we overcome the IIS UI error ?
We need to edit the ASPNET_schema.xml located in “C:\Windows\System32\inetsrv\config\schema” to accommodate HMACSHA256 as shown below:
<attribute name="validation" type="enum" defaultValue="SHA1"> <enum name="MD5" value="0" /> <enum name="SHA1" value="1" /> <enum name="3DES" value="2" /> <enum name="AES" value="3" /> <enum name="HMACSHA256" value="4" /> </attribute> |
However, note that it won’t be there in the drop down in the IIS Machine Key UI. Even for editing it, we need to play around with too many permissions. If possible, avoid the changes.