Partilhar via


<machineKey> Element

Configures keys to use for encryption and decryption of forms authentication cookie data and view state data, and for verification of out-of-process session state identification. This section can be declared at the machine, site, and application levels, but not at the subdirectory level.

<configuration>
   <system.web>
      <machineKey>

<machineKey validationKey="AutoGenerate|value[,IsolateApps]"
            decryptionKey="AutoGenerate|value[,IsolateApps]"
            validation="SHA1|MD5|3DES"/>

Required Attributes

Attribute Option Description
validationKey     Specifies the key used for validation of encrypted data. validationKey is used when enableViewStateMAC is true to create a message authentication code (MAC) to ensure that view state has not been tampered with. validationKey is also used to generate out-of-process, application-specific session IDs to ensure that session state variables are isolated between sessions.
    AutoGenerate Specifies that ASP.NET generates a random key and stores it in the Local Security Authority (LSA). The AutoGenerate option is the default value. If you add the IsolateApps modifier to the validationKey value, ASP.NET generates a unique encrypted key for each application using each application's application ID.
    value Specifies a manually assigned validation key. This value must be manually set to ensure consistent configuration across a network of Web servers (a Web farm). The key must be a minimum of 40 characters (20 bytes) and a maximum of 128 characters (64 bytes) long. If keys shorter than the maximum length are used, they should be created by a truly random means, such as by using RNGCryptoServiceProvider. The recommended key length is 128 hexadecimal characters. If you add the IsolateApps modifier to the validationKey value, ASP.NET generates a unique encrypted key for each application using each application's application ID.
decryptionKey     Specifies the key used to encrypt data. decryptionKey is used for Forms authentication encryption and decryption and for view state encryption when validation is 3DES.
    AutoGenerate Specifies that ASP.NET generates a random key and stores it in the LSA. The AutoGenerate option is the default value. If you add the IsolateApps modifier to the decryptionKey value, ASP.NET generates a unique encrypted key for each application using each application's application ID.
    value Specifies a manually assigned key. This value must be manually set to a string of hexadecimal characters to ensure consistent configuration across a Web farm. The key should be 16 characters in length when using DES encryption and 48 characters in length when using Triple DES encryption. If keys shorter than the maximum length are used, they should be created by a truly random means, such as by using RNGCryptoServiceProvider. ASP.NET can use Triple DES only on computers on which 128-bit encryption is available. If you add the IsolateApps modifier to the decryptionKey value, ASP.NET generates a unique encrypted key for each application using each application's application ID.
validation     Specifies the type of encryption used for validation of data.
    SHA1 Specifies that ASP.NET uses SHA1 encryption.
    MD5 Specifies that ASP.NET uses MD5 encryption.
    3DES Specifies that ASP.NET uses Triple-DES (3DES) encryption. When 3DES is specified, forms authentication defaults to SHA1. When the validation attribute is set to 3DES, the view state validation technique uses 3DES encryption.

Example

The following example sets both validationKey and decryptionKey to AutoGenerate. The isolateApps option is specified to generate unique keys for each application on the server.

<machineKey validationKey="AutoGenerate,IsolateApps" 
            decryptionKey="AutoGenerate,IsolateApps" 
            validation="SHA1"/>

Requirements

Contained Within: <system.web>

Web Platform: IIS 5.0, IIS 5.1, IIS 6.0

Configuration File: Machine.config, Web.config

Configuration Section Handler: System.Web.Configuration.MachineKeyConfigHandler

See Also

ASP.NET Configuration | ASP.NET Settings Schema