Microsoft certification: A complete guide to machine key configuration in IIS 7

Source: Internet
Author: User

Machine keys help protect Forms authentication cookie data and page-level view state data. They are also used to verify out-of-process session state identification. ASP.NET uses the following types of machine keys:

- Validation key, used to compute the Message Authentication Code (MAC) that confirms data integrity. This key is appended to the Forms authentication cookie or to the view state of a specific page.
- Decryption key, used to encrypt and decrypt Forms authentication tickets and view state.

1) Generate a machine key

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", right-click "Machine Key" and click "Open Feature".
3. On the "Machine Key" page, select an encryption method from the "Encryption method" drop-down list. The default encryption method is "SHA1".
4. Select a decryption method from the "Decryption method" drop-down list. The default decryption method is "Auto".
5. Optionally, configure the validation key and decryption key settings.
6. In the "Actions" pane, click "Generate Keys", and then click "Apply".

2) Select the machine key encryption method

Selecting a good machine key encryption method enhances the security of your machine keys.

The following encryption methods are available:

- Advanced Encryption Standard (AES) is relatively easy to implement and requires a small amount of memory. The key size of AES is 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.
- Message Digest 5 (MD5) is used to digitally sign applications such as email. This method generates a 128-bit hash, which is a compressed form of the original data. MD5 can provide some protection against computer viruses and against programs that appear harmless but are actually destructive. These programs are called Trojan horses.
- SHA1 is the default encryption method. It is considered more secure than MD5 because it generates a 160-bit message digest. Use SHA1 encryption whenever possible.
- Triple Data Encryption Standard (TripleDES) is slightly different from the Data Encryption Standard (DES). It is three times slower than regular DES, but it is more secure because its key size is 192 bits. If performance is not a major concern, use TripleDES.

The specific steps are as follows:

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. On the "Machine Key" page, select an encryption method from the "Encryption method" drop-down list. The default encryption method is "SHA1".
4. In the "Actions" pane, click "Apply".

3) Select the machine key decryption method

As with the encryption method, perform the following steps:

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. On the "Machine Key" page, select a decryption method from the "Decryption method" drop-down list. The default decryption method is "Auto".
4. In the "Actions" pane, click "Apply".

4) Generate validation keys at runtime

If you want ASP.NET to create a random key and store it in the Local Security Authority (LSA), generate the validation key at runtime. By default, the validation key is generated at runtime. This key ensures that Forms authentication tickets are tamper-proof and encrypted, and that view state is tamper-proof. By generating a validation key at runtime, the server can also detect any modification made to the view state or authentication ticket during data processing, regardless of whether the modification is made on the client computer or over the network.

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. Under "Validation key" on the "Machine Key" page, select the "Automatically generate at runtime" check box, and then click "Apply" in the "Actions" pane.

5) Generate a unique validation key for each application

When you want ASP.NET to create a random key, you can generate a unique validation key for each application. The Local Security Authority (LSA) uses the application ID of each application to create this key. The LSA then stores the key on the Web server.

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. Under "Validation key" on the "Machine Key" page, select the "Generate a unique key for each application" check box, and then click "Apply" in the "Actions" pane.

6) Generate a decryption key at runtime

If you want ASP.NET to generate a random key and store it in the Local Security Authority (LSA), generate the decryption key at runtime. By default, the decryption key is generated at runtime. This key ensures that Forms authentication tickets are tamper-proof and encrypted, and that view state is tamper-proof. By generating a decryption key at runtime, the server can also detect any modification made to the view state or authentication ticket during data processing, regardless of whether the modification is made on the client computer or over the network.

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. Under "Decryption key" on the "Machine Key" page, select the "Automatically generate at runtime" check box, and then click "Apply" in the "Actions" pane.

7) Generate a unique validation key for each application

When you want ASP.NET to create a random key, you can generate a unique validation key for each application. The Local Security Authority (LSA) uses the application ID of each application to create this key. The LSA then stores the key on the Web server.

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. Under "Validation key" on the "Machine Key" page, select the "Generate a unique key for each application" check box, and then click "Apply" in the "Actions" pane.

8) Generate a machine key for the Web site

To use Forms authentication across multiple computers in a Web farm configuration, you must manually generate specific validation and decryption key values and use these values on all computers in the Web farm.

1. Open IIS Manager and navigate to the level you want to manage.
2. In "Features View", double-click "Machine Key".
3. To generate specific validation and decryption key values for the Web farm, go to the "Machine Key" page, clear "Generate a unique key for each application" for both the validation key and the decryption key, clear "Automatically generate at runtime", and then click "Generate Keys" in the "Actions" pane to create specific key values.
4. In the "Actions" pane, click "Apply".
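
The following added example (not part of the original page, and not ASP.NET's actual ticket format) models why a Web farm needs one explicit validation key: a MAC computed on one node only verifies on another node that holds the same key. The function names, the 64-byte key size and the sample ticket are assumptions made for this illustration; the MAC uses SHA1 because that is the page's default method.

```python
import hashlib
import hmac
import secrets

MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for SHA1, the page's default method


def new_validation_key(n_bytes=64):
    """Random validation key, as a node creates for itself at runtime (size is an assumption)."""
    return secrets.token_bytes(n_bytes)


def protect(payload: bytes, validation_key: bytes) -> bytes:
    """Return the payload followed by a MAC computed with the validation key."""
    return payload + hmac.new(validation_key, payload, hashlib.sha1).digest()


def validate(blob: bytes, validation_key: bytes):
    """Return the payload if its MAC verifies under this key, otherwise None."""
    if len(blob) < MAC_LEN:
        return None
    payload, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(validation_key, payload, hashlib.sha1).digest()
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    return payload if hmac.compare_digest(mac, expected) else None


def farm_demo():
    ticket = b"user=alice;expires=2030-01-01"  # constructed sample ticket
    # Case 1: each node generated its own key at runtime.
    node_a, node_b = new_validation_key(), new_validation_key()
    auto_ok = validate(protect(ticket, node_a), node_b) is not None
    # Case 2: one explicit key deployed to every node in the farm.
    shared = new_validation_key()
    blob = protect(ticket, shared)
    shared_ok = validate(blob, shared) == ticket
    # Tampering: flip one bit of the payload; the MAC no longer matches.
    tampered = bytes([blob[0] ^ 0x01]) + blob[1:]
    tamper_ok = validate(tampered, shared) is not None
    return {"auto_keys": auto_ok, "shared_key": shared_ok, "tampered": tamper_ok}


if __name__ == "__main__":
    print(farm_demo())
```

With per-node keys the second node rejects the first node's ticket, which is the failure the shared key values in section 8 prevent.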
