machineKey

Guest

My web servers had .NET 1.1 on them and today we installed .NET 2.0 to deploy
a few new applications. After running aspnet_regiis.exe -i under the 2.0
framework directory all my single sign-on 1.1 applications no longer work. In
the past on each server I used something like

<machineKey
validationKey='015E14DCCF38E2FC11B2D3DB0787A64F45E807EDACC57BFBD71DF64E5CFB20EBD5720F037FA549342B6A9351A125C2FF0C2A2A7EFC3F5B531BAF567BDF16B829'
decryptionKey='2EF72A2E32B936EFD2225A3B85DB1E0AF5FE8D1DC8396174'
validation='SHA1'/>

This allowed each server and each application to use the same key.
Where do I set this in .NET 2.0? I could not see the option in the
machine.config. I am guessing once all applications can see the machineKey
values single sign-on will work again across servers and applications. I hope
that a single config setting can resolve this issue as we cannot convert all
of our applications to 2.0.
 
Peter Huang [MSFT]

Dear Customer,

From your description, I understand that after running "aspnet_regiis.exe
-i" under the .NET framework 2.0 directory, all your .NET 1.1 applications
do not work with the Single Sign-on feature any more.

If I misunderstood, please feel free to let me know.

Based on my research, in .NET 1.1, there is a machineKey element in the
machine.config file to set the validation Key.
In .NET 2.0, the following default machineKey element is not explicitly
configured in the Machine.config file or in the root Web.config file.
However, it is the default configuration that is returned by application.
<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
validation="SHA1"
decryption="Auto"
/>

machineKey Element (ASP.NET Settings Schema)
http://msdn2.microsoft.com/en-us/library/w8h3skw9.aspx

If we want the web applications which are running on both .NET 1.1 and .NET
2.0 to support the Single Sign-on feature, we may try to set both .NET 1.1
and .NET 2.0 machine.config files. We need to make sure the machineKey
element in the machine.config files are of the same value.

If you still have any concern, please feel free to let me know.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Guest

Since the machineKey as you mentioned is not explicitly configured, where
should I place it in the machine.config? Do I just need to place the entry
as you gave me into the machine.config? I would need to set the key, and I
think I read that decryption needed to be 3DES for 1.1 to work as well if I
had my login app with .NET 2.0?
 
Steven Cheng[MSFT]

Hi Nt32msngns,

For ASP.NET 2.0/.NET 2.0, we can still configure the <machineKey> in the
machine.config or web.config file. Yes, as you've seen, the default setting
is not explicitly set in .NET 2.0's machine.config; however, this doesn't
mean that we cannot set it. It is because .NET 2.0 maintains the default
setting internally. If you want to override it with your own setting,
just feel free to add the <machineKey> element and configure your own
setting. You can view the MSDN documentation on the .NET 2.0 <machineKey>
setting; it remains mostly the same as the 1.1 setting.

#machineKey Element (ASP.NET Settings Schema)
http://msdn2.microsoft.com/en-us/library/w8h3skw9.aspx

Also, here is an MSDN article that mentions how to configure machineKey in
ASP.NET 2.0:

#How To: Configure MachineKey in ASP.NET 2.0
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000007.asp?frame=true

BTW, are your ASP.NET applications currently recompiled (upgraded) to
ASP.NET 2.0, or are just some of them upgraded (or none of them upgraded,
still remaining 1.1)? If they still remain 1.1, we should configure IIS back
to ASP.NET 1.1 and run them under 1.1.

Thanks & Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)





--------------------
| Subject: RE: machineKey
| Date: Mon, 23 Jan 2006 04:46:03 -0800
| Newsgroups: microsoft.public.dotnet.general
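
A check for the condition the replies above describe (the 1.1 and 2.0 machine.config files carrying the same explicit machineKey), as an added example that is not part of the original thread. The sample configs and their short key values are constructed placeholders, the function names are hypothetical, the configs are assumed to carry no XML namespace, and the 3DES check rests on the assumption that ASP.NET 1.1 encrypts with 3DES.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs; key values are short placeholders, not real keys.
CONFIG_V11 = """<configuration><system.web>
  <machineKey validationKey="AAAA1111" decryptionKey="BBBB2222" validation="SHA1"/>
</system.web></configuration>"""

CONFIG_V20_DEFAULT = """<configuration><system.web/></configuration>"""

CONFIG_V20_SHARED = """<configuration><system.web>
  <machineKey validationKey="aaaa1111" decryptionKey="BBBB2222"
              validation="SHA1" decryption="3DES"/>
</system.web></configuration>"""

# Defaults .NET 2.0 applies when no <machineKey> is present (as quoted in the thread).
V20_DEFAULTS = {"validationKey": "AutoGenerate,IsolateApps",
                "decryptionKey": "AutoGenerate,IsolateApps",
                "validation": "SHA1", "decryption": "Auto"}

def read_machine_key(xml_text, defaults=None):
    """Return the effective machineKey attributes of one config document."""
    node = ET.fromstring(xml_text).find("system.web/machineKey")
    effective = dict(defaults or {})
    if node is not None:
        effective.update(node.attrib)
    return effective

def compare_machine_keys(v11, v20):
    """List reasons a ticket issued under one runtime would fail under the other."""
    problems = []
    for name, cfg in (("1.1", v11), ("2.0", v20)):
        for attr in ("validationKey", "decryptionKey"):
            # A missing attribute is treated as auto-generated.
            if "AutoGenerate" in cfg.get(attr, "AutoGenerate"):
                problems.append(f"{name}: {attr} is auto-generated, not shared")
    for attr in ("validationKey", "decryptionKey", "validation"):
        # Hex keys and algorithm names are compared case-insensitively.
        if v11.get(attr, "").lower() != v20.get(attr, "").lower():
            problems.append(f"{attr} differs between 1.1 and 2.0")
    # Assumption: 1.1 encrypts with 3DES, so 2.0 must be pinned to it.
    if v20.get("decryption", "Auto").upper() != "3DES":
        problems.append("2.0: decryption is not 3DES")
    return problems

if __name__ == "__main__":
    v11 = read_machine_key(CONFIG_V11)
    for label, doc in (("default 2.0", CONFIG_V20_DEFAULT), ("shared 2.0", CONFIG_V20_SHARED)):
        print(label, compare_machine_keys(v11, read_machine_key(doc, V20_DEFAULTS)))
```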
 
Guest

By adding the machineKey element, all programs started working again. I
have some using 1.1 and others have been upgraded to 2.0.
 
Steven Cheng[MSFT]

That's good. Thanks for your followup.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| Subject: RE: machineKey
| Date: Tue, 24 Jan 2006 06:40:05 -0800
| Newsgroups: microsoft.public.dotnet.general
 
