Migrating MachineKey from iis6 on old server to iis7 on new server

I am migrating our hosting environment to a totally new data center with new boxes and hardware and software... the whole deal.

Our website cookies are encrypted using the machineKey, so when I make a request to my domain and point it to the new web server (by overriding the local hosts file), I get an error because the cookie cannot be decrypted, since the Machine Key is different. I'd like to avoid any problems a frequent user might have when they arrive at the new server for the first time.

To the best of my knowledge, at this point I think I need to set the same MachineKey from our current servers on our new servers. This way when past visitors with a cookie arrive at our website served by the new server, the cookie will be decrypted properly with the MachineKey it was encrypted with and then log them in properly.

My question is where do I find my MachineKey value (in IIS 6 win2k3 server) so I can use that value to set it statically on my new servers? I've pulled up my machine.config file, but it doesn't specify the key, it only specifies a configSection where the key can be defined. It's not in my web.config for the app or elsewhere.

I did find this great article on some MachineKey and Web Garden woes (which could explain some other bugs I've been experiencing with regard to the machineKey).

Update I am back to this issue and am still faced with a similar problem. I have the MachineKey auto-generated on the IIS6 server but I need to get that exact key so I can set it explicitly and not have it auto-generated anymore.

Any help is appreciated...

@scope-creep thanks, I did see that one before and looked through it more carefully this time around. It did help some, but presented some more questions. This article http://nicholas.piasecki.name/blog/2009/02/on-web-gardens-aspnet-and-iis-60/ helped the most. I found the registry keys where the machine key is stored, however I am trying to figure out how to get the proper value out of those keys, as they are stored encrypted as well.

MaseBase 2010-03-10 22:43:38

I suspect your stuck. Have you tried looking in C:\ProgramData\Microsoft\Crypto\Keys

scope_creep 2010-03-11 17:22:20

Try this. C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

scope_creep 2010-03-11 17:31:39

This is great! however that article is in C# 3.5 and I'm stuck in 2.0. I have been trying to get at these internal properties using reflection and had no luck yet.

MaseBase 2010-03-20 00:24:37

This was the right answer for me, but I have no check mark to mark it right! It took me a while to get the reflection code right since the link had it in .NET 3.5 and I was in .NET 2.0 -- don't use reflection much, but it did solve my problem!

MaseBase 2010-04-09 00:02:46

Yes, I do not want to keep it as auto-generate, but I don't want to start with another new key. What I'm looking to do is get the current auto-generated key, so I can SET that and ensure that my cookies and encrypted data can be accessed moving forward.

MaseBase 2010-03-20 00:25:44

I don't think it is worth the pain MaseBase. You have to set it on all the machines anyways to make it work. AFAIK, current auto-generate key changes when you reset IIS/machine.

Rahul Soni 2010-03-22 03:14:48

ansaurus

tags:

views:

answers:

Migrating MachineKey from iis6 on old server to iis7 on new server

related questions