SBirthare

Reputation: 5137

Machine Key generation feature does not exist in latest IIS version

While answering one of the recent questions on SO, I encountered this anomaly.

This MSDN blog suggests using IIS to generate a machine key, which looks more secure to me as a Microsoft tool is being used. However, it seems this feature is only supported in IIS 7 or earlier.

I don't find it on my box with IIS 8.5. I checked on IIS 7.5 and it's not present there either. However, I found it in IIS 6.1 on a coworker's box.

I am wondering whether:

  1. It still exists in the latest IIS versions; if yes, how do I use it?

  2. If it was removed from the latest version of IIS, what's the suggested approach from Microsoft to generate a secure enough machine key?

  3. Is it safe to use these custom generators?

    a. Machine Key Generator (online)

    b. ASP.NET machineKey Generator (tool you can modify)

Upvotes: 11

Views: 11355

Answers (4)

Jayendran

Reputation: 10940

I know I came very late to provide this answer. Hope this helps others.

I'm using IIS 10 (which is the latest).

By default, the Machine Key feature is not installed when enabling Internet Information Services in Windows Features.

You need to install ASP.NET XX from the World Wide Web Services.


After installing this, you can generate your keys from the Machine Key Option.

Upvotes: 2

hongguan

Reputation: 520

As mentioned by @ryanulit, you can just copy the script directly into your PowerShell window.

Steps:

  1. Open a PowerShell window (anywhere is fine)
  2. Copy the script from the Microsoft link, paste it into your PowerShell window and press Enter
  3. Type Generate-MachineKey -validationAlgorithm SHA1
  4. That's it. Your machine key description will show up in the window. PowerShell image sample from my PC

Script link from Microsoft: http://support.microsoft.com/kb/2915218#AppendixA

Upvotes: 3

mellis481

Reputation: 4158

Make a copy of the administration.config file in C:\Windows\System32\inetsrv\config. Then, in the <moduleProviders> node under <!-- ASP.NET Modules--> remove the MachineKey node. Then run iisreset. Re-open IIS and see if the ASP.NET area is present. If it is, put the MachineKey node back in the administration.config file (or just re-instate the original config file) and run iisreset again.

Upvotes: 0

Levi

Reputation: 32818

See https://support.microsoft.com/kb/2915218#AppendixA for information on how to generate a <machineKey> element. There's a script there that you can copy & paste into a PowerShell window.

Reminder: only use keys that you generated yourself on your own machine. Never use an online generator.

Upvotes: 10
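
What generating the key locally can look like, as an added example that is not part of any answer above and is not the Microsoft KB script: the function name New-LocalMachineKey and its parameter are hypothetical, and the key sizes (32-byte AES key, 64-byte HMAC key) and the HMACSHA256 default are choices made for this example.

```powershell
# Added example: hypothetical helper, not the script from the Microsoft KB article.
# Every byte comes from the local OS CSPRNG; nothing is sent to or fetched from a remote service.
function New-LocalMachineKey {
    [CmdletBinding()]
    param(
        # Validation algorithms accepted by <machineKey> in ASP.NET 4.0 and later.
        [ValidateSet('HMACSHA256', 'HMACSHA384', 'HMACSHA512')]
        [string]$Validation = 'HMACSHA256'
    )

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $decryptionKey = New-Object byte[] 32   # AES-256 key  -> 64 hex characters
        $validationKey = New-Object byte[] 64   # HMAC key     -> 128 hex characters
        $rng.GetBytes($decryptionKey)
        $rng.GetBytes($validationKey)
    }
    finally {
        $rng.Dispose()
    }

    # BitConverter yields "AB-CD-..."; strip the dashes to get the hex string web.config expects.
    $decHex = [System.BitConverter]::ToString($decryptionKey) -replace '-', ''
    $valHex = [System.BitConverter]::ToString($validationKey) -replace '-', ''

    '<machineKey decryption="AES" decryptionKey="{0}" validation="{1}" validationKey="{2}" />' -f `
        $decHex, $Validation, $valHex
}

# Prints one <machineKey .../> element with freshly generated keys.
New-LocalMachineKey
```

The printed element goes inside <system.web> in web.config, and on a web farm every node needs the same element.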
