I need to understand how to make an ASP.NET web application FIPS compliant. To keep it simple, I created a new web application within VS 2008. I have FIPS enabled on my development machine, as the client using the web application will be a Federal agency that will enforce FIPS.
I can not even compile the new web application - as it gives me the error:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
I have read documentation and added the following elements to the web.config file:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
<enforceFIPSPolicy enabled="false" /> (also tried <enforceFIPSPolicy enabled="0" />)
But I still get this error. Again, I want to get this to work with a brand new web application before I attempt to get it to work with my actual solution.
I am using .NET 3.5 SP1 for the framework.
Any help would be greatly appreciated.
Thanks.
Chris