You can set to generate a key at runtime and also a unique for each application: 4. After changing the values, click on “Generate Keys“: 5. Finally, you will see the keys generated. Click Apply to set the machine key: 6. And that’s it! A machine key has been generated and applied! This concludes Generate Machine Key with IIS Manager. Jun 04, 2017 How to create CSR and private key from IIS. Depending on how you generate your certificate you might need to use the private key that IIS used to create this CSR. Here’s how to extract it. My question is where do I find my MachineKey value (in IIS 6 win2k3 server) so I can use that value to set it statically on my new servers? I've pulled up my machine.config file, but it doesn't specify the key, it only specifies a configSection where the key can be defined. It's not in my web.config for the app or elsewhere. Dec 19, 2014 Open your IIS Manager from Administrative tool - Internet Information Services Manager. In Connection pane on left side of window, click on the website. Double click on Machine Key icon as shown below. You will see Machine key page, default encryption method is SHA1, you can change it from dropdown list as shown. Click on Generate Keys from Actions pane from left side of IIS window as.
-->Have you ever needed to generate a MachineKey to use in your application's configuration file or in machine.config? You may need a MachineKey in several scenarios. One of them is the scenario where you deploy your application in a web farm. One another scenario is to need to encrypt Forms Authentication tickets.
You have some options to generate a MachineKey:
- You can build the sample application from the following article: http://support.microsoft.com/kb/312906
- You can search in Bing for 'MachineKey generator' and use an online service. Honestly I wouldn't rely on third party online services for generating MachineKey because I wouldn't have any control over them and I couldn't make sure that if they wouldn't log my IP address and MachineKey in a database to use that later - yes, I know it sounds like 'paranoia' :)
There is one another way which I have learned from one of my customers today. It was over there waiting in IIS user interface but I never gave it a try before (shame on me). You can use IIS 7.5 user interface to generate the MachineKey section and save it in the web.config of your application / root web.config file. Steps are quite easy:
1) Open IIS manager.
2) If you need to generate and save the MachineKey for all your applications select the server name in the left pane, in that case you will be modifying the root web.config file (which is placed in the .NET framework folder). If your intention is to create MachineKey for a specific web site/application then select the web site / application from the left pane. In that case you will be modifying the web.config file of your application.
3) Double click the Machine Key icon in ASP.NET settings in the middle pane:
4) MachineKey section will be read from your configuration file and be shown in the UI. If you did not configure a specific MachineKey and it is generated automatically you will see the following options:
5) Now you can click Generate Keys on the right pane to generate random MachineKeys. When you click Apply, all settings will be saved in the web.config file.
Iis Machinekey Validation Key Generator
--
AMB
-->AMB
The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This works fine for applications that are deployed on a single server. When you use webfarms a client request can land on any one of the servers in the webfarm. Hence you will have to hardcode the validationKey and the decryptionKey on all your servers in the farm with a manually generated key.
There are a lot of articles that describe how to use RNGCryptoServiceProvider to generate a random key. There are also a lot of online tools that generate random keys for you. But I would suggest writing your own script because any one who has access to these keys can do evil things like tamper your forms authentication cookie or viewstate.
With IIS 7 you no longer have to do this manually. The IIS 7.0 manager has a built in feature that you can use to generate these keys.
It uses RNGCryptoServiceProvider internally to create a random key. The value is stored locally in the web.config of that application something like
<?xml version='1.0' encoding='UTF-8'?>
<configuration>
<system.web>
<machineKey decryptionKey='F6722806843145965513817CEBDECBB1F94808E4A6C0B2F2,IsolateApps' validationKey='C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45,IsolateApps' />
</system.web>
</configuration>
<configuration>
<system.web>
<machineKey decryptionKey='F6722806843145965513817CEBDECBB1F94808E4A6C0B2F2,IsolateApps' validationKey='C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45,IsolateApps' />
</system.web>
</configuration>
![Key Key](/uploads/1/2/6/0/126064196/806673703.jpg)
Generate Machine Key
You can copy it and paste it in the web.config file of all the servers in the webfarm.