Configuring Machine Keys in IIS 7

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Machine keys help protect Forms authentication cookie data and page-level view state data. They also verify out-of-process session state identification. ASP.NET uses the following types of machine keys:

  • A validation key computes a Message Authentication Code (MAC) to confirm the integrity of the data. This key is appended to either the Forms authentication cookie or the view state for a specific page.

  • A decryption key is used to encrypt and decrypt Forms authentication tickets and view state.

For information about the levels at which you can perform these procedures, and the modules, handlers, and permissions that are required for these procedures, see Machine Keys Feature Requirements (IIS 7).

Community Additions