Specifies the hashing algorithm that ASP.NET uses for forms authentication and for validating view state data, and for out-of-process session state identification.
Assembly: System.Web (in System.Web.dll)
|Specifies that ASP.NET uses the Message Digest 5 (MD5) hashing algorithm. |
MD5 is a hashing algorithm that generates a 128-bit hash value. This option is included for legacy purposes and should be selected only if compatibility with earlier versions of ASP.NET is required.
|Specifies that ASP.NET uses the HMACSHA1 hash algorithm.|
HMACSHA1 is a hashing algorithm that generates a 160-bit hash value. This option is included for legacy purposes and should be selected only if compatibility with earlier versions of ASP.NET is required.
|Specifies that ASP.NET uses the TripleDES (3DES) encryption algorithm. |
TripleDES is an encryption algorithm that is used only if you specify that view state is encrypted. This option is included for legacy purposes and should be selected only if compatibility with earlier versions of ASP.NET is required.
|Specifies that ASP.NET uses the AES (Rijndael) encryption algorithm.|
Choose this option if you want to encrypt view state in your Web application. If you choose this option, the DecryptionKey property will be used for encryption and decryption, and the HMACSHA1 hash algorithm will be used with the ValidationKey property for validation.
|Specifies that ASP.NET uses the HMACSHA256 hashing algorithm. This is the default value.|
HMACSHA256 is an SHA2 hashing algorithm that generates a 256-bit hash code.
|Specifies that ASP.NET uses the HMACSHA384 hashing algorithm.|
HMACSHA384 is an SHA2 hashing algorithm that generates a 384-bit hash code. This option is available for applications that require stronger security than is provided by the HMACSHA256algorithm.
|Specifies that ASP.NET uses the HMACSHA512 hashing algorithm.|
HMACSHA512 is an SHA2 hashing algorithm that generates a 512-bit hash code. This option is available for applications that require stronger security than is provided by the HMACSHA384 algorithm.
|Specifies that ASP.NET uses a custom hashing algorithm. |
The custom hashing algorithm can be implemented in any class that derives from KeyedHashAlgorithm.
The custom algorithm is typically specified declaratively in the validation attribute of the machineKey element, in the format alg:algorithm_name. For information about how to specify a custom algorithm in code, see the MachineKeySection.ValidationAlgorithm property.
ASP.NET uses a hash-based message authentication code (HMAC) to help detect whether data that is used for forms authentication or view state has been tampered with. The HMAC is generated when view state content is created, and the HMAC is checked on subsequent requests. The HMAC helps ASP.NET determine whether someone has changed data that is sent between the server and the client, but the data can be read by anyone as it travels through the Internet unless it is also encrypted. By default, view state is validated but not encrypted. For more information, see ViewStateEncryptionMode and RegisterRequiresViewStateEncryption().
The enumeration lets you specify the algorithm that ASP.NET uses to create the HMAC. The default value is . ASP.NET uses the value of the ValidationKey property with the selected algorithm to generate the HMAC.
The following code example shows how to use the enumeration. In the example, configSection is an instance of MachineKeySection.This code example is part of a larger example provided for the MachineKeySection class.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.