Duration (Pacific Standard Time):
To (Pacific Standard Time):
  • None
User Action:
  • None

MachineKeyCompatibilityMode Enumeration


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Specifies which encryption methods can be used.

Namespace:   System.Web.Configuration
Assembly:  System.Web (in System.Web.dll)

Public Enumeration MachineKeyCompatibilityMode
Member name Description

Use the encryption methods that were implemented in .NET Framework versions earlier than version 2.0 Service Pack 2. Initialization vectors (IVs) are used for all encryption operations except for storing encrypted passwords in the ASP.NET membership database.


Use the stronger encryption methods that are available in .NET Framework version 2.0 SP2 and later versions. Initialization vectors (IVs) are used for all encryption operations.


Use encryption methods that are available in .NET Framework version 4.5 and later versions. Compared to the encryption methods that are used for Framework20SP1 and Framework20SP2, the ciphertext that is generated by the default cryptographic routines is slightly smaller and is more resilient against certain classes of theoretical attacks. They also integrate with Windows 8 directory key management in order to get required cryptographic keys. This option also enables you to specify custom cryptographic routines by writing a class that derives from DataProtector and specifying the class name in the MachineKeySection.DataProtectorType property.

The following configuration requirements apply to this option:

1. If the MachineKeySection.DataProtectorType property has a value, the MachineKeySection.ApplicationName property must also have a value.

2. The MachineKeySection.Validation attribute must specify a system-defined validation algorithm (such as MD5, SHA1, HMACSHA256, HMACSHA384, or HMACSHA512) or a custom validation algorithm in a class that derives from the System.Security.Cryptography.KeyedHashAlgorithm class. The values AES and 3DES are not validation algorithms.

When you specify this option, forms authentication tickets are always both encrypted and signed, regardless of the value specified for the FormsAuthenticationConfiguration.Protection property. View state is also both encrypted and signed if a page's EnableViewStateMac property is true or the ViewStateEncryptionMode property is Always.

You use the MachineKeyCompatibilityMode values when you set the CompatibilityMode property.

.NET Framework
Available since 2.0
Return to top