ASP 101 - Active Server Pages 101 - Web01
The Place ASP Developers Go!

Please visit our partners


Windows Technology Windows Technology
15 Seconds
4GuysFromRolla.com
ASP 101
ASP Wire
VB Forums
VB Wire
WinDrivers.com
internet.commerce internet.commerce
Partners & Affiliates
ASP 101 is an
internet.com site		 ASP 101 is an internet.com site
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

ASP 101 News Flash ASP 101 News Flash



 Top ASP 101 Stories Top ASP 101 Stories
Migrating to ASP.NET
Getting Scripts to Run on a Schedule
The Top 10 ASP Links @ Microsoft.com
QUICK TIP:
Modifying File Timestamps
Show All Tips >>
ASP 101 RSS Feed ASP 101 Updates


Quick Tips

ASP.NET's MachineKey Element and Web Farms

I was reading through Scott Mitchell's article Key Configuration Settings When Deploying a Web Application over on 4GuysFromRolla when something occurred to me. While the article is full of great information, the one deployment issue that caught me off guard the first time I deployed an ASP.NET Web site to a server farm isn't mentioned. Those of you who have deployed to a Web farm probably already know that I'm talking about the <machineKey> setting. It's a simple little setting, but can cause some interesting problems.

The machineKey element is where you configure the keys that ASP.NET will use to encrypt and decrypt data for your application. This includes forms authentication cookies, out-of-process session state information, and viewstate data. By default, ASP.NET generates the keys for you automatically. This normally works great... as long as your application runs on only one server.

The problems start when you add a second server to the mix. If a user happens to bounce from one server to the other (ie. non-sticky sessions or a server goes down), the keys on the second server won't match those from the first. After all each server automatically generated its own unique key. The first symptom you'll probably notice is viewstate errors. In order to ensure users don't tamper with your site's viewstate, ASP.NET includes the machineKey information in it. If it comes back and the keys don't match, the server will throw an error stating that the viewstate is invalid.

The solution is to find a way to get the keys to match. The way to do that is to simply set them yourself. The setting goes in the <system.web> section of your machine.config or web.config file and looks like this:

    <machineKey
        validationKey="0000...0000"
        decryptionKey="00...00"
        validation="SHA1"
        decryption="AES"
    />

The values for validationKey and decryptionKey are the things you'll want to set and keep to yourself. They're normally 64 bytes (128 hex characters) and 32 bytes (64 hex characters) respectively. Creating your own is pretty easy, but if you want some help, simply do a Web search for "machineKey generator" and you'll find plenty of online tools that will generate one for you.

Once you choose a value, the only thing left to do is make sure it's the same on every server in the Web farm. Generally each application should have a different key, but each application's key needs to be the same on all the servers on which that application runs. Personally, I find it easiest to simply set the key in my application's web.config file. That way the key gets copied to the servers right along with the application.

For more information on the machineKey element, you may find the following links helpful:

Previous      Show All Tips      Next

If you have a tip you would like to submit, please send it to: webmaster@asp101.com.

Home |  News |  Samples |  Articles |  Lessons |  Resources |  Forum |  Links |  Search |  Feedback

Internet.com
The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers