Difference between revisions of "Setting the Machine Key"

From AbleCommerce Wiki
Jump to: navigation, search
Line 5: Line 5:
 
There are several ways to get around this problem:
 
There are several ways to get around this problem:
  
1) Host your site on a server that never restarts or recycles! Obviously, this is impossible!
+
* Host your site on a server that never restarts or recycles! Obviously, this is impossible!
  
2) Disable ViewstateMac by putting this “enableViewStateMac="false"in your web.config. This approach is not 100% secure.
+
* Disable ViewstateMac by putting this '''enableViewStateMac="false"''' in your web.config. This approach is not 100% secure.
  
3) Configure ASP.NET to not use Auto-Generated Key but rather a predefined key. This is the preferred method.
+
* Configure ASP.NET to not use Auto-Generated Key but rather a '''predefined key'''. This is the preferred method.
  
The third option is the most secure and the best one and we suggest to use this. There is a free Machine Key generator tool available at the following link
+
The last option, using predefined key, is the most secure and suggested method to use. There is a free Machine Key generator tool available at the following link
  
 
http://aspnetresources.com/tools/keycreator.aspx
 
http://aspnetresources.com/tools/keycreator.aspx
  
In order to generate the key using this tool Leave the defaults in place, validation key length 64, encryption key length 24, type sha1. Then Click Generate to create a random machine key for you and copy the result.
+
In order to generate the key using this tool leave the defaults in place; validation key length 64, encryption key length 24, type sha1. Then click Generate to create a random machine key for you and copy the result.
  
 
Now open the web.config file from your site. Find around line which shows
 
Now open the web.config file from your site. Find around line which shows
<system.web>
+
'''<system.web>''' And paste in the '''<machineKey ... />''' on the next line.  
And paste in the <machineKey ... /> on the next line. Save that file.
+
Save the web.config file.

Revision as of 08:14, 19 August 2008

Sometimes when using ASP.NET enabled website you may get the following error

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

There are several ways to get around this problem:

  • Host your site on a server that never restarts or recycles! Obviously, this is impossible!
  • Disable ViewstateMac by putting this enableViewStateMac="false" in your web.config. This approach is not 100% secure.
  • Configure ASP.NET to not use Auto-Generated Key but rather a predefined key. This is the preferred method.

The last option, using predefined key, is the most secure and suggested method to use. There is a free Machine Key generator tool available at the following link

http://aspnetresources.com/tools/keycreator.aspx

In order to generate the key using this tool leave the defaults in place; validation key length 64, encryption key length 24, type sha1. Then click Generate to create a random machine key for you and copy the result.

Now open the web.config file from your site. Find around line which shows <system.web> And paste in the <machineKey ... /> on the next line. Save the web.config file.