How to Set a Machine Key to Your Custom ASP Application
Written by Rodolfo Hernandez Tuesday, 6 November 2012
Machine key is used for authentication and security in ASP. If you have an asp application that requires login, you must set the Machine Key for security and to avoid a viewstate validation error. A viewstate validation error will log off any user connected to your application even if you set a 8 hours timeout. For that reason, In this article I will give a step by step guide on how to set a Machine Key to your ASP Application
The Machine Key <machineKey> element helps to control tamper proofing and encryption of ViewState, forms authentication tickets, and role cookies. Instead of creating a complicated function, we will use a tool to generate random machine keys.
1. Go to this address and get a random machine key. It should look like this:
<machineKey validationKey=”83BDD6F29FEF43C0256106B322F775DE77D8704CC3A5E07B9D2BD2253337374A3A64DD466D6A2CA81C6FBF27F6BFF637FC24CE8C17B0540BB191E07B90CB5DC0″ decryptionKey=”4411595512AD6A65D5C09842DB764FA1BAAC04A37FD6C7E4827D42ED8F8C496E” validation=”SHA1″ decryption=”AES” />
It is very important that you include the validation method (SHA1) and the decryption method (AES)
2. Now, open the web.config file of your custom ASP Application and paste the machine key right below the <system.web> tag and save it:
3. And that’s it, Machine Key is now set.
The importance for this is not only about securing your authentication method, it is also to avoid random application log off. If Machine Key is not set, any recycle of the application pool will generate a new key and it will give you a validation error.
This concludes How to set a Machine Key to your Custom ASP Application