What different ways are Machine Keys useful in asp.net? I think the following are correct but thought there may be more.
- Multiple applications can use the same cookie
- Multiple servers can work with the same viewstate
Uses for MachineKey in ASP.NET
@Ben found this question while looking for another info, added some missing info in an answer. –
Frieda
MachineKey is used for:
- ViewState encryption and validation
- Forms Authentication (or Federated Authentication) uses this key for signing the authentication ticket
Having a Web App installed on multiple servers requires same Machine Key configured on all of them in order for Load Balancing to work.
To see all details, please refer to: MSDN How To: Configure MachineKey in ASP.NET 2.0
Machine key is also used to encrypt/decrypt the webresources.axd parameters.
Even on a single server the machine key should be configured, because any recycle of the app domain will generate a new key when it is set to auto. This causes the next postback just for pages rendered before the recycle, to cause a viewstate validation error, and also issues with the resources during that time.
Encryption - very common.
The values in the cookies and viewstate are encrypted based on the MachineKey. Could you say what else is being encrypted? –
Fungal
f.e. passwords by membership provider could be encrypted using machine key –
Aubreyaubrie
@mikus: Which is a bad idea. Hashing with a unique salt per user should be used instead. –
Longshore
pretty old stuff :D I don't think i meant encryption of user passwords to be stored in db, rather credentials to be used by the system, dont remember now –
Aubreyaubrie
© 2022 - 2024 — McMap. All rights reserved.