c# asp.net asp.net-mvc owin katana

How to use System.Web.Security.MachineKey.Unprotect to decrypt ciphertext between different servers


My ASP.NET site has two servers for load balancing. I found that if the authentication cookie (.AspNet.Application) was encrypted by server 1, then it can't be decrypted by server 2. I have already set the machineKey of the two servers to the same value. In addition, I found that the System.Web.Security.MachineKey.Unprotect method can't decrypt ciphertext which was encrypted by another server that has the same machineKey. However, it works well on the same server. The site used Web Forms technology before, but now it uses Web Forms + MVC in one solution. My encryption code fragment is below:

    // Protect the UTF-8 bytes of the sample string with the purposes "M", "A", "v1".
    var bytes = System.Web.Security.MachineKey.Protect(
        Encoding.UTF8.GetBytes("abcd1234"), "M", "A", "v1");
    this.textBox2.Text = Convert.ToBase64String(bytes);

Decryption code fragment is below:

    // Unprotect must be called with exactly the same purposes that were used for Protect.
    var bytes = System.Web.Security.MachineKey.Unprotect(
        Convert.FromBase64String(this.textBox2.Text), "M", "A", "v1");
    this.textBox1.Text = Encoding.UTF8.GetString(bytes);

Could anyone help me please? Thank you very much!


Solution

  • Could you put the machineKey in web.config, like:

    <system.web>
        <compilation debug="true" targetFramework="4.6"/>
        <httpRuntime targetFramework="4.6"/>
        <machineKey
          validationKey="your validationKey"
          decryptionKey="your decryptionKey"
          validation="SHA1"
          decryption="AES"
        />
    </system.web>
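
To check that both servers really resolve the same `<machineKey>` at runtime, the following added example (not part of the original question or answer) reports the effective settings with key fingerprints instead of the keys, and retries the question's `Unprotect` call. The class and method names are hypothetical; it assumes .NET Framework 4.5 or later and is meant to be called from a diagnostics page in the same application on each server.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Configuration;
using System.Web.Security;

// Hypothetical helper, added for illustration; not from the original post.
public static class MachineKeyDiagnostics
{
    // Purposes must be identical for Protect and Unprotect; these are the question's values.
    private static readonly string[] Purposes = { "M", "A", "v1" };

    // Truncated SHA-256 of a configured key: comparable across servers without showing the key.
    private static string Fingerprint(string key)
    {
        if (string.IsNullOrWhiteSpace(key)) return "(empty)";
        if (key.StartsWith("AutoGenerate", StringComparison.OrdinalIgnoreCase))
            return key + " (generated per machine, cannot match another server)";
        using (var sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(Encoding.UTF8.GetBytes(key.Trim().ToUpperInvariant()));
            return BitConverter.ToString(hash, 0, 8);
        }
    }

    // The <machineKey> settings this application actually resolved at runtime.
    public static string Describe()
    {
        var mk = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");
        return string.Join(Environment.NewLine,
            "server            = " + Environment.MachineName,
            "validation        = " + mk.Validation,
            "decryption        = " + mk.Decryption,
            "compatibilityMode = " + mk.CompatibilityMode,
            "validationKey fp  = " + Fingerprint(mk.ValidationKey),
            "decryptionKey fp  = " + Fingerprint(mk.DecryptionKey));
    }

    // Returns the plaintext, or null when this server cannot unprotect the value.
    public static string TryUnprotect(string base64)
    {
        try
        {
            byte[] plain = MachineKey.Unprotect(Convert.FromBase64String(base64), Purposes);
            return plain == null ? null : Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; } // key or purpose mismatch, or tampering
    }
}
```

Compare the output of `Describe()` from both servers line by line; any differing line, or an `AutoGenerate` value, is a likely reason that `TryUnprotect` returns null for a value protected on the other server.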