다음을 통해 공유


Error: The 'validation' attribute is invalid. Enum must be one of MD5, SHA1, 3DES, AES

 

Recently I worked with one of the customer who was having a SharePoint website hosted on his Windows Server 2008 R2 (IIS 7.5) environment.

This site was configured to use Machine Key setting validation="HMACSHA256" which according to thisblog, is an acceptable value included with .NET 4.0. 

From within IIS Manager, browsing to the Machine Key icon, we receive the below error message:

 

Machine Key

---------------------------

There was an error while performing this operation.

Details:

Filename: \\?\C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config

Line number: 419

Error: The 'validation' attribute is invalid. Enum must be one of MD5, SHA1, 3DES, AES

clip_image001

 

 This does not occur in a Windows Server 2012 and higher (IIS 8.X) environment. However, the same issue is reproducible in Windows Server 2008 R2.  

 

Resolution

The error we are getting is because of Aspnet_Schemafile not having the validation attribute defined. The .NET framework itself supports it (4.0+) as you would have seen in the link below:

https://msdn.microsoft.com/en-us/library/vstudio/w8h3skw9(v=vs.100).aspx

 

 

Is there an Impact?

If we use the encryption, decryption method as HMACSHA256 in our application, although the IIS UI throws an error, the application should still work.

 

How do we overcome the IIS UI error ?

 

 

We need to edit the ASPNET_schema.xml located in “C:\Windows\System32\inetsrv\config\schema” to accommodate HMACSHA256 as shown below:

 

 

       <attribute name="validation" type="enum" defaultValue="SHA1">

            <enum name="MD5" value="0" />

            <enum name="SHA1" value="1" />

            <enum name="3DES" value="2" />

            <enum name="AES" value="3" />

            <enum name="HMACSHA256" value="4" />

        </attribute>

 

However, note that it won’t be there in the drop down in the IIS Machine Key UI. Even for editing it, we need to play around with too many permissions. If possible, avoid the changes.