How To Config MachineKey In Asp.Net Core In IIS Level

Question

I have two server and in communication between servers I check Machine Key in IIS Level. Now I have a new project in net core and I want to check Machine Key like Asp.net projects. I search for this but can't find a solution

Answer 1

ASP.NET Core doesn't use Web.config, and even if it did, it doesn't use machine keys either. Cryptography is handled via the Data Protection API , which stores and generates keys in an entirely different way.

If you need to share things like cookies between ASP.NET and ASP.NET Core, you have to work in the opposite way and plug in the Data Protection API into your ASP.NET apps, so that they use the same system as ASP.NET Core. Microsoft has a guide for that.

Answer 2

Well, it kind of depends on exactly what you are doing. If your project uses Microsoft Identity, then Identity by default uses machine key as part of the hash. So, in my case, my site sends off an email asking a user to verify their email. The link includes what is basically a password hash encrypted - in part - with the machine key from the server it originated from.

So if the user clicked the link, and then ended up on a different server on the farm, the validation check fails unless the machine keys are set to be the same on the various servers behind the load balancer.

So at this point I haven't found any good way to set the machine key when publishing to IIS. The web.config is auto-generated during publish from my ASP.NET core project. The only solution I have found at this point is to manually open the web.config after publishing the project and insert the machine key section before deploying to the servers in the farm.