发表新帖
发表新帖

ASP.NET machineKey config section default location

后端 未结
关注
1 610
名媛妹妹
名媛妹妹 2020-12-24 03:36

Where do I find the machineKey config section for ASP.NET?

I don\'t have one in my application Web.config, there isn\'t one in the root

相关标签:
1条回答
  • 孤街浪徒
    2020-12-24 04:06

    machineKey is situated under System.web entry in web.config

    Refer MSDN link for web.config Schema.

    If you dont see it in your web.config, you can just add it there.

    From MSDN again :-)

    To provide tamper proof ViewState, a hashed message authentication code (HMAC) is generated from the ViewState content and the hash is compared on subsequent requests. The validation attribute of the indicates which hashing algorithm to use, and it defaults to SHA1, which uses the HMACSHA1 algorithm. Valid choices for hashing include SHA1 or MD5, although SHA1 is preferable because it produces a larger hash and is considered cryptographically stronger than MD5. The validationKey attribute of is used in conjunction with the ViewState content to produce the HMAC. If your application is installed in a Web farm, you need to change the validationKey from AutoGenerate,IsolateApps to a specific manually generated key value.

    The default settings for the <pages> and <machineKey> elements are defined in the machine-level web.config.comments file.

    For machineKey, they are 

    <machineKey validationKey="AutoGenerate,IsolateApps"  
            decryptionKey="AutoGenerate,IsolateApps" 
            validation="SHA1" decryption="Auto" />

    EDIT : For .NET 4.0 the default algorithm has been changed to SHA256 I think that the easiest way of finding the defaults is to see the entry in the MSDN for this config value.

    MSDN 4.0 for machinekey is as below. The values selected are the default values. The values in [] are the other optional values that the field can take. I remember reading someplace this is the typical way in MSDN of denoting defaults for the config values. 

    <machineKey 
  validationKey="AutoGenerate,IsolateApps" [String]
  decryptionKey="AutoGenerate,IsolateApps" [String]
  validation="HMACSHA256" [SHA1 | MD5 | 3DES | AES | HMACSHA256 | 
    HMACSHA384 | HMACSHA512 | alg:algorithm_name]
  decryption="Auto" [Auto | DES | 3DES | AES | alg:algorithm_name]
/>
    0 讨论(0)
 看不清?
提交回复
热议问题