按照MSDN的标准说法:“对密钥进行配置,以便将其用于对 Forms 身份验证 Cookie 数据和视图状态数据进行加密和解密,并将其用于对进程外会话状态标识进行验证。”也就是说Asp.Net的很多加密,都是依赖于machineKey里面的值,例如Forms 身份验证 Cookie、ViewState的加密。默认情况下,Asp.Net的配置是自己动态生成,如果单台服务器当然没问题,但是如果多台服务器负载均衡,machineKey还采用动态生成的方式,每台服务器上的machinekey值不一致,就导致加密出来的结果也不一致,不能共享验证和ViewState,所以对于多台服务器负载均衡的情况,一定要在每台站点配置相同的machineKey。
文章和代码参照:URL
/// <summary>
/// 生成随机的Machinekey /// </summary> /// <param name="bytelength"></param>
/// <returns></returns>
string getRandomKey(int bytelength) {
byte[] buff = new byte[bytelength]; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(buff); StringBuilder sb = new StringBuilder(bytelength * 2); for (int i = 0; i < buff.Length; i++) sb.Append(string.Format("{0:X2}", buff[i])); return sb.ToString(); } /// <summary> /// 生成Asp.net2.0中Web.Config的Machinekey节点 /// </summary> /// <returns></returns> string getASPNET20machinekey() { StringBuilder aspnet20machinekey = new StringBuilder(); string key64byte = getRandomKey(64); string key32byte = getRandomKey(32); aspnet20machinekey.Append("<machineKey \n"); aspnet20machinekey.Append("validationKey=\"" + key64byte + "\"\n"); aspnet20machinekey.Append("decryptionKey=\"" + key32byte + "\"\n"); aspnet20machinekey.Append("validation=\"SHA1\" decryption=\"AES\"\n"); aspnet20machinekey.Append("/>\n"); return aspnet20machinekey.ToString(); } /// <summary> /// 生成Asp.net1.1中Web.Config的Machinekey节点 /// </summary> /// <returns></returns> public string getASPNET11machinekey() { StringBuilder aspnet11machinekey = new StringBuilder(); string key64byte = getRandomKey(64); string key24byte = getRandomKey(24); aspnet11machinekey.Append("<machineKey "); aspnet11machinekey.Append("validationKey=\"" + key64byte + "\"\n"); aspnet11machinekey.Append("decryptionKey=\"" + key24byte + "\"\n"); aspnet11machinekey.Append("validation=\"SHA1\"\n"); aspnet11machinekey.Append("/>\n"); return aspnet11machinekey.ToString(); }
