Export (0) Print
Expand All
Expand Minimize
This topic has not yet been rated - Rate this topic

MachineKeyValidation Enumeration

Specifies the hashing algorithm that ASP.NET uses for forms authentication and for validating view state data, and for out-of-process session state identification.

Namespace:  System.Web.Configuration
Assembly:  System.Web (in System.Web.dll)
public enum class MachineKeyValidation
Member nameDescription
AESSpecifies that ASP.NET uses the AES (Rijndael) encryption algorithm.

Choose this option if you want to encrypt view state in your Web application. If you choose this option, the DecryptionKey property will be used for encryption and decryption, and the HMACSHA1 hash algorithm will be used with the ValidationKey property for validation.

CustomSpecifies that ASP.NET uses a custom hashing algorithm.

The custom hashing algorithm can be implemented in any class that derives from KeyedHashAlgorithm.

The custom algorithm is typically specified declaratively in the validation attribute of the machineKey element, in the format alg:algorithm_name. For information about how to specify a custom algorithm in code, see the MachineKeySection::ValidationAlgorithm property.

HMACSHA256Specifies that ASP.NET uses the HMACSHA256 hashing algorithm. This is the default value.

HMACSHA256 is an SHA2 hashing algorithm that generates a 256-bit hash code.

HMACSHA384Specifies that ASP.NET uses the HMACSHA384 hashing algorithm.

HMACSHA384 is an SHA2 hashing algorithm that generates a 384-bit hash code. This option is available for applications that require stronger security than is provided by the HMACSHA256algorithm.

HMACSHA512Specifies that ASP.NET uses the HMACSHA512 hashing algorithm.

HMACSHA512 is an SHA2 hashing algorithm that generates a 512-bit hash code. This option is available for applications that require stronger security than is provided by the HMACSHA384 algorithm.

MD5Specifies that ASP.NET uses the Message Digest 5 (MD5) hashing algorithm.

MD5 is a hashing algorithm that generates a 128-bit hash value. This option is included for legacy purposes and should be selected only if compatibility with earlier versions of ASP.NET is required.

SHA1Specifies that ASP.NET uses the HMACSHA1 hash algorithm.

HMACSHA1 is a hashing algorithm that generates a 160-bit hash value. This option is included for legacy purposes and should be selected only if compatibility with earlier versions of ASP.NET is required.

TripleDESSpecifies that ASP.NET uses the TripleDES (3DES) encryption algorithm.

TripleDES is an encryption algorithm that is used only if you specify that view state is encrypted. This option is included for legacy purposes and should be selected only if compatibility with earlier versions of ASP.NET is required.

ASP.NET uses a hash-based message authentication code (HMAC) to help detect whether data that is used for forms authentication or view state has been tampered with. The HMAC is generated when view state content is created, and the HMAC is checked on subsequent requests. The HMAC helps ASP.NET determine whether someone has changed data that is sent between the server and the client, but the data can be read by anyone as it travels through the Internet unless it is also encrypted. By default, view state is validated but not encrypted. For more information, see ViewStateEncryptionMode and RegisterRequiresViewStateEncryption.

The MachineKeyValidation enumeration lets you specify the algorithm that ASP.NET uses to create the HMAC. The default value is HMACSHA256. ASP.NET uses the value of the ValidationKey property with the selected algorithm to generate the HMAC.

The following code example shows how to use the MachineKeyValidation enumeration. In the example, configSection is an instance of MachineKeySection.This code example is part of a larger example provided for the MachineKeySection class.

No code example is currently available or this language may not be supported.

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.