views:

289

answers:

2

I find myself wanting to get the ASP.NET machine key for the current application. This is, of course, easy if a machine key is specified in the configuration file, but if it's set to auto generate then there doesn't seem to be a public method anywhere to get it.

Basically I want at it so I can write an encrypted/MACed cookie for myself, just like the ASP.NET Forms Authentication provider does.

Does anyone have any pointers or ideas?

+1  A: 

If the ASP.NET Forms Authentication provider can access it then have you tried looking at the provider source code? (I think this is the correct location, ScottGu's original blog post on the subject has had broken links since they updated MSDN)

tjrobinson
The Forms Auth provider can get at it because there are internal methods to allow it :)
blowdart
And I assume it's not possible to reproduce those methods because the source for those internal methods isn't available?
tjrobinson
They're available, kind of, but the actual backing store for the auto generated MAC key isn't, so even if used reflector, cut and pasted the methods, the actual key itself seems inaccessible. Which makes me wonder if I missed something!
blowdart
A: 

Do you actually NEED the key? Or just to encrypt and decrypt the data?

System.Web.Security.FormsAuthentication (.NET 2.0) has public Encrypt/Decrypt methods. These use System.Web.Configuration.MachineKeySection EncryptOrDecryptData, ByteArrayToHexString and HexStringToByteArray to encrypt and decrypt the data.

EncryptOrDecryptData handles loading / configuring the key data from config files/AutoGenerate as required.

Encrypt And Decrypt should be available via the source code downloads or reflector and readily converted to your purpose.

Roger Willcocks
Wow, that was a while back. And yes, I did need the machine key specifically.
blowdart