Easiest way to generate MachineKey

Have you ever needed to generate a MachineKey to use in your application's configuration file or in machine.config? You may need a MachineKey in several scenarios. One of them is the scenario where you deploy your application in a web farm. One another scenario is to need to encrypt Forms Authentication tickets.

You have some options to generate a MachineKey:

  • You can build the sample application from the following article: https://support.microsoft.com/kb/312906
  • You can search in Bing for "MachineKey generator" and use an online service. Honestly I wouldn't rely on third party online services for generating MachineKey because I wouldn't have any control over them and I couldn't make sure that if they wouldn't log my IP address and MachineKey in a database to use that later - yes, I know it sounds like "paranoia" :)

There is one another way which I have learned from one of my customers today. It was over there waiting in IIS user interface but I never gave it a try before (shame on me). You can use IIS 7.5 user interface to generate the MachineKey section and save it in the web.config of your application / root web.config file. Steps are quite easy:

1) Open IIS manager.

2) If you need to generate and save the MachineKey for all your applications select the server name in the left pane, in that case you will be modifying the root web.config file (which is placed in the .NET framework folder). If your intention is to create MachineKey for a specific web site/application then select the web site / application from the left pane. In that case you will be modifying the web.config file of your application.

3) Double click the Machine Key icon in ASP.NET settings in the middle pane:

4) MachineKey section will be read from your configuration file and be shown in the UI. If you did not configure a specific MachineKey and it is generated automatically you will see the following options:

5) Now you can click Generate Keys on the right pane to generate random MachineKeys. When you click Apply, all settings will be saved in the web.config file.

--
AMB

Comments

  • Anonymous
    January 18, 2013
    very helpful trick!!!

  • Anonymous
    September 03, 2013
    Where's this sample application?

  • Anonymous
    December 02, 2013
    @Peter_D503 - sorry, the sample application is in the following article: support.microsoft.com/.../312906

  • Anonymous
    March 27, 2014
    Can we use the keys generated by IIS7 on an IIS 6.0 web site?

  • Anonymous
    April 23, 2014
    @User,Yes, you can use it.

  • Anonymous
    April 29, 2014
    If the MachineKey isn't configured in the web.config, where does the default value get pulled from?  I checked the Machine.config for ASP.NET 4.0 and it wasn't there.  My team wants to set this value at a higher level than the web.config in case one of our developers forgets to add the machine key to the web.config.  I understand the security risks of this, but that was the decision that was made.  Thanks for any advice!

  • Anonymous
    October 28, 2014
    The comment has been removed

  • Anonymous
    November 12, 2014
    @Griz - It's at C:WindowsMicrosoft.NETFramework64v4.0.30319Configweb.config

  • Anonymous
    November 20, 2014
    Don't all the nodes in a cluster have to use the same machineKey?If I use this method, won't it put different keys on each node?

  • Anonymous
    December 01, 2014
    @Questioner Hello, if you create on all nodes individually then you are right. However you can create on one machine then copy it to the others.

  • Anonymous
    December 10, 2014
    Should the <machineKey> information be in the web.config or in the machine.config in IIS 8.5?  For earlier versions (IIS 6.0) we would use a utility to create the key and then put it in the machine.config file, not in the web.config.

  • Anonymous
    December 11, 2014
    @ Patrick OBrien - It can be in any configuration file. Note that starting from IIS 7.0, configuration files are "merged", meaning that you can also put IIS related configuration sections in web.config files when you use integrated pipeline.

  • Anonymous
    December 28, 2014
    Sir If generate a key offline IIS server Can I use this key on live server.

  • Anonymous
    December 29, 2014
    @Dharmandar Yes, you can use that key.

  • Anonymous
    February 17, 2015
    good day sir.I'm trying to test/setup a shared session between two web application.* I already enabled ASP.net State service,* Set Session State of the site (IIS) to State Server (tcpip=localhost:42424)* Add session tags in the web.config () on both web application.When i press the button from web1 passing a value to session variable and access by web2, no value was retrieve...did i missed out something in my settings?your help is highly appreciatedThank you.

  • Anonymous
    March 16, 2015
    hello @ christine sarsonas, can you please paste your related part of the web.config file? do you see any error messages in application or system event logs (maybe mentioning that the state service is failed to start or cannot be reached, etc...).

  • Anonymous
    March 17, 2015
    Hi Ahmet, how to do this in IIS 6? Thanks!

  • Anonymous
    March 23, 2015
    @Arun - there is no such feature in IIS 6.0 but as that is .NET specific configuration, you can use the same machineKeys created in newer versions of IIS. Simply just create the keys in an IIS 7.x or onwards, then copy the related section to your application's config file, which runs on IIS 6.0. Hope that helps.

  • Anonymous
    April 16, 2015
    hello, you described machine key for IIS server but how I will generate this key for live server? How I will get the key for my domain?

  • Anonymous
    June 12, 2015
    I am facing same problem... I have set enableViewstateMac = false to the web.config file but no luck appreciate any help on this.

  • Anonymous
    November 10, 2016
    Thanks great tip

  • Anonymous
    November 17, 2016
    I hate machine key! Viewstate error is the worst error in the world.

  • Anonymous
    January 03, 2017
    Sometime back, Microsoft decided they know best and made it so you cannot disable ViewStateMAC. So you have to deal with this nightmare. I have the same value for 2 servers behind round-robin load balancer and all I get is MAC errors. Researching solution has not helped. Has anyone gotten this to work?

    • Anonymous
      January 03, 2017
      The comment has been removed
  • Anonymous
    May 24, 2017
    Usefull thanks

  • Anonymous
    November 07, 2017
    I generate this magic key on my local/home computer?And it works on the remote hosting company we use?How?

    • Anonymous
      March 01, 2018
      It works because it is not server dependent key. That key will be used for encryption and decryption.