I working on a MVC 4 site which has uses Authentication. The site requires that I specify the Machine Key values. I did this via the IIS interface having deselected the "automatically generate at runtime", generated the key values and having selected "generate a unique key for each application"
The web.config entry looks something like this:
<machineKey decryption="DES" decryptionKey="{hex-key value},IsolateApps"
validationKey="{hex-key value},IsolateApps" />;
While this seems to work fine on another web project it causes the "Decryption key specified has invalid hex characters" error on the dev machine I am working on now (both in IIS-Express and IIS 7.5).
Removing ",IsolateApps"
from the key values solves the issue but since I need this option on in production I dont want to be removing it now only to have this issue when deploying.
What gives? The dev box is a SQL 2008 R2 box with .net 2.0 and .net 4.0.
The IsolateApps
modifier causes ASP.NET to generate a unique key for each application on your server. This is only applicable if you are getting ASP.NET to auto-generate keys at runtime.
If you are not getting ASP.NET to auto-generate keys, and are instead specifying the keys using decryptionKey="{hex-key value}"
, then the way to get ASP.NET to use a different key for each application is to simply specify a different key in each application's Web.config.
The IIS config GUI allows you to create a Web.config with an explicit key together with the IsolateApps
modifier, which is invalid, and in my opinion is a bug in the config GUI.