Machine Key generation feature not exist in latest IIS Version

Asked 13/8, 2014 at 5:10 Answered 6/8, 2018 at 5:11

Answering one of the recent question on SO, i encountered this anomaly.

This msdn blog suggests using IIS to generate machine key, which looks more secure to me as Microsoft tool being used. However, it seems this feature is only supported until IIS 7 or less.

I don't find it on my box IIS 8.5. I checked on IIS 7.5 and its not present there either. However, I found it in IIS 6.1 on a coworker box.

I am wondering whether:

It still exist in IIS latest versions, if yes, how to use it?
If it is removed from latest version of IIS, what's suggested approach from Microsoft to generate a secure enough machine key?
Is it safe to use these custom generators?

a. Machine Key Generator (online)

b. ASP.NET machineKey Generator (tool you can modify)

Lauralee answered 13/8, 2014 at 5:10 Comment(0)

See https://support.microsoft.com/kb/2915218#AppendixA for information on how to generate a <machineKey> element. There's a script there that you can copy & paste into a Powershell window.

Reminder: only use keys that you generated yourself on your own machine. Never use an online generator.

Debag answered 15/8, 2014 at 16:53 Comment(3)

Thanks Levi, +1 for pointing me to Powershell script. I am just curious to know about IIS support as mentioned in my question. – Lauralee 17/8, 2014 at 11:27

I'm not really familiar with PowerShell. Could you tell me how do you run that script? I've been searching on the web, but can make it spit out the key. – Haworth 8/1, 2015 at 20:4

For anyone that sees this, I was just as confused as gligoran. Turns out you can just copy and paste the script into powershell, press enter and then the next line type Generate-MachineKey and it spits out the web.config code. It was a little slow on my computer, but might be different on yours. – Erickson 1/6, 2015 at 14:21

As for mentioned by @ryanulit, you can just copy the script directly to your PowerShell window

Steps :

Open powershell window (anywhere is fine)
Copy the script from the microsoft link and paste in your powershell window and press enter
Type Generate-MachineKey -validationAlgorithm SHA1
That's it. Your machine key description will show up in the window. PowerShell image sample from my PC

Script Link from Microsoft http://support.microsoft.com/kb/2915218#AppendixA

Barbe answered 2/6, 2017 at 3:33 Comment(0)

I know I came to very late to provide this answer. Hope this helps for any others.

I'm using the latest IIS 10(which is the latest)

By default, the Machine Key feature is not installed when enabling the Internet Information Service in the windows features.

You need to install ASP.NET XX from the World Wide Web Service

After installing this, you can generate your keys from the Machine Key Option.

Gertrude answered 6/8, 2018 at 5:11 Comment(0)

Make a copy of the administration.config file in C:\Windows\System32\inetsrv\config. Then, in the <moduleProviders> node under  remove the MachineKey node. Then run iisreset. Re-open IIS and see if the ASP.NET area is present. If it is, put the MachineKey node back in the administration.config file (or just re-instate the original config file) and run iisreset again.

Quigley answered 22/5, 2015 at 12:59 Comment(0)

Recommended topics

Hot tags