Why is machinekey required in ASP. NET applications? How to generate a machinekey?

Why is machinekey required in ASP. NET applications? How to generate a machinekey?

If your ASP. NETProgramThis error occurs during execution:"Verify view statusMacFailed. If this application is hosted by a network farm or cluster, make sure that<Machinekey>The sameValidationkeyAnd VerificationAlgorithm. Cannot be used in a groupAutogenerate."So it means that you didn't allow your application to use the unified machinekey. What is the role of the machinekey? According to the msdn standard, "The key is configured to encrypt and decrypt Forms authentication cookie data and view status data, it is used to verify the non-process session status identity." That is to say, many ASP. NET encryption relies on values in machinekey, such as Forms authentication cookie and viewstate encryption. By default, Asp. net configuration is automatically generated. If a single server is okay, but the load on multiple servers is balanced, machinekey is also dynamically generated, if the machinekey values on each server are inconsistent, the encrypted results are inconsistent and the verification and viewstate cannot be shared. Therefore, for Server Load balancer of multiple servers, you must configure the same machinekey on each site.

Algorithm generated by machinekey:

Validationkey = createkey (20 );

Decryptionkey = createkey (24 );

Protected string createkey (INT Len)

{

Byte [] bytes = new byte [Len];

New rngcryptoserviceprovider (). getbytes (bytes );

Stringbuilder sb = new stringbuilder ();

For (INT I = 0; I <bytes. length; I ++)

{

SB. append (string. Format ("{0: X2}", bytes [I]);

}

Return sb. tostring ();

}

See matchinekey configuration for reference:

<? XML version = "1.0"?>

<Configuration>

<System. Web>

<Machinekey validationkey = "3ff1e929bc0534950b0920a7b59fa698bd02dfe8" decryptionkey = "encrypt" decryption = "3DES" validation = "sha1"/>

</System. Web>

</Configuration>