Use encryption methods that are available in .NET Framework version 4.5 and later versions. Compared to the encryption methods that are used for Framework20SP1 and Framework20SP2, the ciphertext that is generated by the default cryptographic routines is slightly smaller and is more resilient against certain classes of theoretical attacks. They also integrate with Windows 8 directory key management in order to get required cryptographic keys. This option also enables you to specify custom cryptographic routines by writing a class that derives from DataProtector and specifying the class name in the MachineKeySection.DataProtectorType property.
The following configuration requirements apply to this option:
1. If the MachineKeySection.DataProtectorType property has a value, the MachineKeySection.ApplicationName property must also have a value.
2. The MachineKeySection.Validation attribute must specify a system-defined validation algorithm (such as MD5, SHA1, HMACSHA256, HMACSHA384, or HMACSHA512) or a custom validation algorithm in a class that derives from the System.Security.Cryptography.KeyedHashAlgorithm class. The values AES and 3DES are not validation algorithms.
When you specify this option, forms authentication tickets are always both encrypted and signed, regardless of the value specified for the FormsAuthenticationConfiguration.Protection property. View state is also both encrypted and signed if a page's EnableViewStateMac property is true or the ViewStateEncryptionMode property is Always.