Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In ASP.NET can you set the machineKey settings programmatically?
The web app that we use stores sensitive info encrypted in a database, so if we could put the decryptionKey there it would be handy.
No; the machineKey element must be set via config. However, web.config can itself be encrypted, which helps minimize risk of cryptographic key disclosure if an attacker ever gets access to the config file. (This same process can be used to protect SQL connection strings and pretty much any other sensitive config element you wish.) See http://msdn.microsoft.com/en-us/library/dtkwfdky(v=VS.100).aspx for a walkthrough on enabling this.