Mark Ursino Mark Ursino - 2 months ago 19
ASP.NET (C#) Question

Adding machineKey to web.config on web-farm sites

We (out IT partner really) recently changed some DNS for a web farmed site we have so that the two production server have round-robin DNS switching between the two. Prior to this switch we didn't really have problems with

WebResource.axd
files. Since the switch, when we hit the live public URL, we get an error:


CryptographicException

Padding is invalid and cannot be removed.


When we hit the specific servers themselves, they load fine. I've researched the issue and it seems since they're sharing assets between two servers, we need to have a consistent
machineKey
in the
web.config
for each server so they can encrypt and decrypt consistently between the two. My questions are:


  1. Can I generate a
    machineKey
    via a tool on the server, or do I need to write code to do this?

  2. Do I just need to add the
    machineKey
    to the
    web.config
    on each server or do you think I'll need to do anything else to make the two server work together? (Both
    web.config
    's currently do not have a
    machineKey
    )


Answer

This should answer:

http://msdn.microsoft.com/en-us/library/ff649308.aspx#paght000007_webfarmdeploymentconsiderations

In short, to set up the machine key refer the following link http://docs.orchardproject.net/Documentation/Setting-up-a-machine-key

and add the following line to the web.config file in all the webservers under system.web tag if it does not exist.

<machineKey  
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
               AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"           
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>

Please make sure that you have a permanent backup of the machine keys and web.config file

Comments