Trying to transfer servers but a connection string is encrypted and there is no machinekey set in the web.config. Is there anyway to find out what the machinekey was on the old server so we can set it on the new server? ...
What different ways are Machine Keys useful in asp.net? I think the following are correct but thought there may be more. Multiple applications can use the same cookie Multiple servers can work with the same viewstate ...
I am having some trouble understanding the documentation on machinekey. What algorithm is being used to encrypt/decrypt the forms authentication ticket when the decryption attribute is not set. I have: <machineKey validationKey="128CharacterKey" decryptionKey="48CharacterKey" validation="3DES"/> I found some documentation saying that ...
I am getting this exception from my ASP .net application running in a webfarm. Exception Type: System.Web.HttpException Exception Message: Unable to validate data. ---- Stack Trace ---- System.Web.Configuration.MachineKeySection.GetDecodedData(buf As Byte[], modifier As Byte[], start As Int32, length As Int32, dataLength As Int32&) ...
We have a long-lived ASP.NET 3.5 application we are moving from a physical server running Windows 2005+IIS 6 to a virtual one running Windows 2008+IIS7. The new machine will assume the identify of the old one - IP's, DNS, etc. Our clients keep our site up for hours - sometimes even days. My fear is that when we make this switch-over, su...
I find myself wanting to get the ASP.NET machine key for the current application. This is, of course, easy if a machine key is specified in the configuration file, but if it's set to auto generate then there doesn't seem to be a public method anywhere to get it. Basically I want at it so I can write an encrypted/MACed cookie for myself,...
To enable single sign-on for a web application and a web application in a virtual directory, I set the machinekey in both apps to the same: <machineKey validationKey="xxx" decryptionKey="yy" validation="SHA1" /> The single sign on works just fine, but existing users can't sign in any more; their passwords are rejected. The machinekey ...
I am migrating our hosting environment to a totally new data center with new boxes and hardware and software... the whole deal. Our website cookies are encrypted using the machineKey, so when I make a request to my domain and point it to the new web server (by overriding the local hosts file), I get an error because the cookie cannot be...
I have 2 web applications where I have to set the machine key to be the same in the web.config. Where do I get the machine key from? ...
We have a scenario using asp.net Forms Authentication in a web farm and need to setup identical <machinekey /> sections on each servers .config file. Is it better to store the <machinekey /> section in machine.config rather then web.config? what's the advantages and disadvantages of each approach concerning security? <machineKey valida...
I have an existing app in production that uses SqlMembershipProvider and has a specified machine key: <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/> It runs under .Net 2.0 AppPool currently. I'm writing a new application that has to use the existing database, which I have a backu...
Where can I learn how WebResources.axd or ScriptResources.axd actually works? What is the string that is appended to the .axd? Does this string change, or is it constant? Is it page, session specific? Can these files be cached on a proxy? How does it work internally? This is especially important after the ASP.NET vulnerability was ...
Where do I find the machineKey config section for ASP.NET? I don't have one in my application Web.config, there isn't one in the root Web.config and there isn't one in my machine.config. Does this mean there is some other default hardcoded into ASP.NET? If so, what are the defaults? (For .NET 2 and 4) Having read this: http://msdn.mic...
Persistence doesn't work in my web application on one server while it does on another. On the server that it doesn't work on (a shared hosting environment), the persistence is lost anytime the app pool recycles. When it recycles the machine key changes automatically and that affects the encryption of the cookie. When the machine key chan...
We (out IT partner really) recently changed some DNS for a web farmed site we have so that the two production server have round-robin DNS switching between the two. Prior to this switch we didn't really have problems with WebResource.axd files. Since the switch, when we hit the live public URL, we get an error: CryptographicException...
Hi Guys, something weird is happening! is a couple of days that my users are experincing a "logging out" isses, the error message is: Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. Here the data: the website is running on 3 server behind a load balancer yes, machi...