Live is streaming live. Watch now.

Machine Key

Machine keys help protect Forms authentication cookie data and page-level view state data. They also verify out-of-process session state identification. ASP.NET uses the following types of machine keys:

  1. A validation key computes a Message Authentication Code (MAC) to confirm the integrity of the data. This key is appended to either the Forms authentication cookie or the view state for a specific page.

  2. A decryption key is used to encrypt and decrypt Forms authentication tickets and view state.

Managed via the IIS Manager the generated key is stored in the <machineKey> element in the machine.config and must be kept in sync across all nodes of a Web Server Farm.

On PCF the <machineKey> element must be added to the web.config of the ASP.NET Application to ensure consistency for all Application instances.



On This Page