Machine Key


Applies To: Windows Server 2012 R2, Windows Server 2012

Use the Machine Key feature page to configure hashing and encryption settings used for application services, such as view state, Forms authentication, membership and roles, and anonymous identification. Machine keys are also used to verify out-of-process session state identification.

Note

If you deploy your application in a web farm, make sure that the configuration files on each server in the web farm have the same value for the validation key and the decryption key, which are used for hashing and for encryption/decryption respectively. Otherwise, because you cannot guarantee which server handles successive requests, data protected by one server may fail validation on another.

UI Elements for Machine Key

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Feature Page Elements

Element Name

Description

Validation method

Select one of the following options to specify the validation method the machine key uses:

  • AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same secret key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

  • MD5 - Message Digest 5 (MD5) is used for digital signing of data such as mail messages. This method produces a 128-bit message digest, which is a compressed form of the original data. MD5 can provide some protection against computer viruses and programs that mimic harmless applications but are destructive.

  • SHA1 - This method is the default setting. SHA1 is considered to be more secure than MD5 because it produces a 160-bit message digest. Use SHA1 whenever possible.

  • TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of Data Encryption Standard (DES). It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

  • HMACSHA256 - Hash-based Message Authentication Code (HMAC) mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 256 bits in length.

  • HMACSHA384 - Hash-based Message Authentication Code (HMAC) with an output hash that is 384 bits long.

  • HMACSHA512 - Hash-based Message Authentication Code (HMAC) with an output hash that is 512 bits long.

Encryption method

Select one of the following options to specify the encryption method the machine key uses:

  • Auto - This method is the default setting. Auto works with whichever encryption method you specified.

  • AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same secret key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

  • TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of DES. It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

  • DES - Data Encryption Standard (DES) uses a 56-bit key to both encrypt and decrypt data. If your server, site, or application does not require the strongest security, consider using DES.

Validation key

Used to compute a Message Authentication Code (MAC) that confirms the integrity of the data. The resulting MAC is appended to either the Forms authentication cookie or the view state for a specific page.

Select one of the following options to specify how the validation key is generated:

  • Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

  • Generate a unique key for each application: Isolates applications from one another by deriving a unique key for each application from its application ID. If your application is deployed in a web farm, duplicate your application's key across all servers in the farm.

Decryption key

Used to encrypt and decrypt Forms authentication tickets and view state.

Select one of the following options to specify how the decryption key is generated:

  • Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

  • Generate a unique key for each application: Isolates applications from one another by deriving a unique key for each application from its application ID. If your application is deployed in a web farm, duplicate your application's key across all servers in the farm.
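The following added example (not part of this documentation page or of ASP.NET itself) illustrates the web farm note above and the validation key behaviour: it generates explicit hex keys, renders the matching machineKey element for web.config, and shows that a MAC computed under one server's validation key verifies only on a server configured with the same key. The key lengths (64 random bytes for HMACSHA256, 32 for AES) and the simplified sign/verify scheme are this example's own choices, not a reimplementation of ASP.NET's exact view state or Forms ticket format.

```python
import hashlib
import hmac
import secrets

def generate_machine_keys(validation_bytes=64, decryption_bytes=32):
    """Return (validationKey, decryptionKey) as hex strings, the format the
    machineKey element expects. Lengths are this example's assumptions."""
    return (secrets.token_hex(validation_bytes).upper(),
            secrets.token_hex(decryption_bytes).upper())

def machine_key_element(validation_key, decryption_key,
                        validation="HMACSHA256", decryption="AES"):
    """Render an explicit machineKey element to paste into every farm
    member's web.config so all servers share the same keys."""
    return (f'<machineKey validationKey="{validation_key}" '
            f'decryptionKey="{decryption_key}" '
            f'validation="{validation}" decryption="{decryption}" />')

def sign(payload: bytes, validation_key_hex: str) -> bytes:
    """Append an HMACSHA256 MAC computed with the validation key (simplified
    model of how the MAC travels with view state or a Forms ticket)."""
    key = bytes.fromhex(validation_key_hex)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def verify(token: bytes, validation_key_hex: str):
    """Return the payload if the MAC verifies under this server's key, else None."""
    if len(token) < 32:
        return None
    payload, mac = token[:-32], token[-32:]
    expected = hmac.new(bytes.fromhex(validation_key_hex), payload,
                        hashlib.sha256).digest()
    return payload if hmac.compare_digest(mac, expected) else None

def farm_demo():
    """Server A signs a constructed ticket; server B shares A's key, while
    server C was left on 'Automatically generate at runtime'."""
    shared_validation, _shared_decryption = generate_machine_keys()
    own_validation, _ = generate_machine_keys()        # server C's runtime key
    token = sign(b"userid=42;role=reader", shared_validation)  # constructed sample
    tampered = bytearray(token)
    tampered[7] ^= 0x01                                # flip a bit in "42"
    return {
        "same_key": verify(token, shared_validation) is not None,
        "different_key": verify(token, own_validation) is not None,
        "tampered": verify(bytes(tampered), shared_validation) is not None,
    }

if __name__ == "__main__":
    print(machine_key_element(*generate_machine_keys()))
    print(farm_demo())  # {'same_key': True, 'different_key': False, 'tampered': False}
```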

Actions Pane Elements

Element Name

Description

Apply

Saves the changes that you have made on the feature page.

Cancel

Cancels the changes that you have made on the feature page.

Generate Keys

Generates a validation key and a decryption key in the corresponding boxes on the feature page.