I am migrating our hosting environment to a totally new data center with new boxes and hardware and software... the whole deal.

Our website cookies are encrypted using the machineKey, so when I make a request to my domain and point it to the new web server (by overriding the local hosts file), I get an error because the cookie cannot be decrypted, since the Machine Key is different. I'd like to avoid any problems a frequent user might have when they arrive at the new server for the first time.

To the best of my knowledge, at this point I think I need to set the same MachineKey from our current servers on our new servers. This way when past visitors with a cookie arrive at our website served by the new server, the cookie will be decrypted properly with the MachineKey it was encrypted with and then log them in properly.

My question is where do I find my MachineKey value (in IIS 6 win2k3 server) so I can use that value to set it statically on my new servers? I've pulled up my machine.config file, but it doesn't specify the key, it only specifies a configSection where the key can be defined. It's not in my web.config for the app or elsewhere.

I did find this great article on some MachineKey and Web Garden woes (which could explain some other bugs I've been experiencing with regard to the machineKey).

Update: I am back to this issue and am still faced with a similar problem. I have the MachineKey auto-generated on the IIS6 server but I need to get that exact key so I can set it explicitly and not have it auto-generated anymore.

Any help is appreciated...

A: 

MaseBase, have you seen this question with answers on Stack Overflow at ASP.NET migration?

scope_creep
@scope-creep thanks, I did see that one before and looked through it more carefully this time around. It did help some, but presented some more questions. This article http://nicholas.piasecki.name/blog/2009/02/on-web-gardens-aspnet-and-iis-60/ helped the most. I found the registry keys where the machine key is stored, however I am trying to figure out how to get the proper value out of those keys, as they are stored encrypted as well.
MaseBase
I suspect you're stuck. Have you tried looking in C:\ProgramData\Microsoft\Crypto\Keys?
scope_creep
Try this. C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
scope_creep
+1  A: 

Have you seen this?

Looks like you can retrieve it by looking at

  • System.Web.Configuration.MachineKeySection.DecryptionKeyInternal and
  • System.Web.Configuration.MachineKeySection.ValidationKeyInternal

These are internal however, so you'll have to use reflection.

Josef
This is great! However, that article is in C# 3.5 and I'm stuck in 2.0. I have been trying to get at these internal properties using reflection and had no luck yet.
MaseBase
This was the right answer for me, but I have no check mark to mark it right! It took me a while to get the reflection code right since the link had it in .NET 3.5 and I was in .NET 2.0 -- don't use reflection much, but it did solve my problem!
MaseBase
A: 

There are two machineKeys that you can use. I am not sure which one you are using to encrypt. But here are the two machinekeys anyways...

  1. C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
  2. http://support.microsoft.com/kb/312906. You shouldn't keep it as AutoGenerate, else the machineKeys will be autogenerated on all the machines and hence, it would be different.

HTH, Rahul

Rahul Soni
Yes, I do not want to keep it as auto-generate, but I don't want to start with another new key. What I'm looking to do is get the current auto-generated key, so I can SET that and ensure that my cookies and encrypted data can be accessed moving forward.
MaseBase
I don't think it is worth the pain MaseBase. You have to set it on all the machines anyways to make it work. AFAIK, current auto-generate key changes when you reset IIS/machine.
Rahul Soni
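
Added example, not part of the thread or of any poster's code: a migration pre-check for the point above that every server needs the same explicit `<machineKey>` rather than AutoGenerate. It flags auto-generated keys and compares explicit keys across servers by fingerprint; the server names and key values are constructed for illustration.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

HEX = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")
TEMPLATE = ('<configuration><system.web><machineKey validationKey="{v}" '
            'decryptionKey="{d}" validation="SHA1" /></system.web></configuration>')
# Constructed sample values, not real keys.
AUTO = TEMPLATE.format(v="AutoGenerate,IsolateApps", d="AutoGenerate,IsolateApps")
FIXED = TEMPLATE.format(v="0123456789ABCDEF" * 8, d="FEDCBA9876543210" * 3)
OTHER = TEMPLATE.format(v="0123456789ABCDEF" * 8, d="0011223344556677" * 3)


def audit_machine_key(config_xml):
    """Return (findings, fingerprint) for one machine.config/web.config text."""
    node = next(ET.fromstring(config_xml).iter("machineKey"), None)
    findings, material = [], []
    for attr in ("validationKey", "decryptionKey"):
        # A missing element or attribute falls back to the auto-generated default.
        value = "AutoGenerate,IsolateApps" if node is None else node.get(
            attr, "AutoGenerate,IsolateApps")
        key = value.split(",")[0].strip()  # modifiers such as IsolateApps follow
        if key == "AutoGenerate":
            findings.append(f"{attr} is auto-generated on this machine")
        elif not HEX.match(key):
            findings.append(f"{attr} is not a hex string")
        else:
            material.append(key.upper())
    if findings:
        return findings, None
    # Report a fingerprint, never the key, so audit output holds no secrets.
    return [], hashlib.sha256("|".join(material).encode()).hexdigest()[:16]


def audit_farm(configs):
    """configs maps server name -> config text; returns a list of problems."""
    problems, prints = [], {}
    for name, text in configs.items():
        findings, fingerprint = audit_machine_key(text)
        problems += [f"{name}: {finding}" for finding in findings]
        if fingerprint:
            prints[name] = fingerprint
    if len(set(prints.values())) > 1:
        problems.append("explicit keys differ between " + ", ".join(sorted(prints)))
    return problems


if __name__ == "__main__":
    for line in audit_farm({"old-web": AUTO, "new-web1": FIXED, "new-web2": OTHER}):
        print(line)
```
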