Use the Machine Key feature page to configure encryption and decryption keys used to help protect Forms authentication cookie data and page-level view state data. Machine keys are also used to verify out-of-process session state identification.

Note

If you deploy your application in a Web farm, make sure that the configuration files on each server in the Web farm have the same value for the validation key and decryption keys, which are used for hashing and decryption respectively. Otherwise, you cannot guarantee which server will handle successive requests.

UI Element List

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Feature Page Elements

Element NameDescription

Encryption method

Select one of the following options to specify the encryption method the machine key will use:

  • AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

  • MD5 - Message Digest 5 (MD5) is used for digital signing of applications, for example, mail messages. This method produces a 128-bit message digest, which is a compressed form of the original data. MD5 can provide some protection against computer viruses and programs that mimic harmless applications but are actually destructive.

  • SHA1 - This is the default setting. SHA1 is considered to be more secure than MD5 because it produces a 160-bit message digest. You should use SHA1 encryption whenever possible.

  • TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of Data Encryption Standard (DES). It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

Decryption method

Select one of the following options to specify the decryption method the machine key will use:

  • Auto - This is the default setting. Auto works with whichever encryption method you specified.

  • AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

  • TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of DES. It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

  • DES - Data Encryption Standard (DES) uses a 56-bit key to both encrypt and decrypt data. If your server, site, or application does not require the strongest security, consider using DES.

Validation key

Computes a Message Authentication Code (MAC) to confirm the integrity of the data. This key is appended to either the Forms authentication cookie or the view state for a specific page.

Select one of the following options to specify how the validation key is generated:

  • Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

  • Generate a unique key for each application: Isolates applications from one another by generating a unique key for each application based on the application ID of each application. If your application is deployed in a Web farm, duplicate your application's key across all servers in the farm.

Decryption key

Used to encrypt and decrypt Forms authentication tickets and view state.

Select one of the following options to specify how the decryption key is generated:

  • Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

  • Generate a unique key for each application: Isolates applications from one another by generating a unique key for each application based on the application ID of each application. If your application is deployed in a Web farm, duplicate your application's key across all servers in the farm.

Actions Pane Elements

Element NameDescription

Apply

Saves the changes that you have made on the feature page.

Cancel

Cancels the changes that you have made on the feature page.

Generate Keys

Generates a validation key and a decryption key in the corresponding boxes on the feature page.

See Also


Table Of Contents