CODEWITHSUNDEEP
c#security
Luke101
Luke101

Reputation: 65248

How to use System.Web.Security.MachineKey protect and unprotect across network

Considering System.Web.Security.MachineKey uses the local machine key to encrypt and decrypt text within the same box. How would I use this method if I am sending encrypted text across the network to another computer. How would the remote computer decrypt the text?

Upvotes: 2

Views: 1867

Answers (2)

Ian Mariano
Ian Mariano

Reputation: 529

If the remote computer is using the same key it can decrypt it.

This is often the case when you have load-balanced servers and distributed state, e.g. sql server session state, and you want to ensure any session state is accessible by the other servers. You would ensure that all servers in the load-balanced cluster have the same machine key for the same web application.

You would only want to set the machine key in the web applications web.config and not globally.

Upvotes: 3

Stefan
Stefan

Reputation: 17658

Not sure if this is what you are aiming at: but you can share a machine key between multiple systems if you manually define it:

see http://msdn.microsoft.com/en-us/library/ff649308.aspx

Web Farm Deployment Considerations

If you deploy your application in a Web farm, you must ensure that the configuration files on > each server share the same value for validationKey and decryptionKey, which are used for hashing and decryption respectively. This is required because you cannot guarantee which server > will handle successive requests.

With manually generated key values, the settings should be similar to the following example.`

<machineKey  
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
           AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"           
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>

Upvotes: 2

Related Questions