Web Farm and <machineKey>

From: Kevin Burton (anonymous_at_discussions.microsoft.com)
Date: 10/30/03

Next message: Iris: "Windows Authentication across domains"

Previous message: Dinis Cruz: "Security issues with Asp.Net in Shared Hosting Environments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 30 Oct 2003 14:06:14 -0800

I have a Web Farm and I understand that in order to keep
ViewState safe I want to modify the <machineKey>.

1) The documentation indicates that EnableViewStateMac
defaults to "false" but I am seeing View State corruption
messages (as a result of HttpException). Can the View
State be detected as corrupt without the MAC validation?

2) I see some examples of some keys that I can use for
validation and encryption. Is there a utility that I can
use to generate a key? Yes, I understand that the same key
has to be on each member of the Web farm. I would just
like to generate my own key.

3) Is the default to encrypt and hash or just hash or none?

Thank you.

Kevin
rkevinburton@charter.net

Next message: Iris: "Windows Authentication across domains"

Previous message: Dinis Cruz: "Security issues with Asp.Net in Shared Hosting Environments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]