Last post Sep 13, 2019 04:47 AM by Fei Han - MSFT
Sep 12, 2019 12:53 PM|samirkarim|LINK
I have a Web application, and i use IIS. and i have a problem
When the application restart, there is an automaticlly Machine Key Genereted, and when i acces to the website, and Login, i have an Error :
The anti-forgery cookie token and form field token do not match
But if i Fix The Machine key By IIS (Generate Keys Button), i don't have this Error
I want to know If it's a mistake if i fix The Machine Key !!
Sep 12, 2019 02:09 PM|bruce (sqlwork.com)|LINK
Sep 12, 2019 02:57 PM|samirkarim|LINK
Sorry, Can you explain to me, i did not understand well
Sep 12, 2019 05:26 PM|KathyW|LINK
You want a fixed machine key if you want the cookie match to survive restarts, and also if you are using a web farm.
It's not a mistake.
Sep 13, 2019 04:47 AM|Fei Han - MSFT|LINK
By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This would work fine for applications that are deployed on a single server.
If you use webfarms that have different Machine Keys, the cookies created on one machine won't be usable on the other. Hence you will have to hardcode the validationKey and the decryptionKey on all your servers in the farm with a manually generated key.