Machine Key RRS feed

  • Question

  • User1929067570 posted


    I have a Web application, and i use IIS. and i have a problem

    When the application restart, there is an automaticlly Machine Key Genereted, and when i acces to the website, and Login, i have an Error : 

    The anti-forgery cookie token and form field token do not match

    But if i Fix The Machine key By IIS (Generate Keys Button), i don't have this Error

    I want to know If it's a mistake if i fix The Machine Key !!

    Thank you

    Thursday, September 12, 2019 12:53 PM

All replies

  • User-474980206 posted
    It’s slightly less secure, but there are cases when you want to set the machine key, if login cookie is shared between sites, you want tokens to survive restarts, you are using a web farm, etc.
    Thursday, September 12, 2019 2:09 PM
  • User1929067570 posted

    Sorry, Can you explain to me, i did not understand well

    Thursday, September 12, 2019 2:57 PM
  • User409696431 posted

    You want a fixed machine key if you want the cookie match to survive restarts, and also if you are using a web farm.

    It's not a mistake.

    Thursday, September 12, 2019 5:26 PM
  • User61956409 posted

    Hi samirkarim,

    By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This would work fine for applications that are deployed on a single server.

    If you use webfarms that have different Machine Keys, the cookies created on one machine won't be usable on the other. Hence you will have to hardcode the validationKey and the decryptionKey on all your servers in the farm with a manually generated key.

    With Regards,

    Fei Han

    Friday, September 13, 2019 4:47 AM