I started thinking about how my web.config should be configured with regard to the machineKey values. I did a little investigation and discovered that Microsoft has a specific recommendation for when you only have one web server. Here's the blurb from the article:
With the default values of Auto for the decryption attribute and AutoGenerate,IsolateApps for the decryptionKey, tickets are encrypted with AES symmetric encryption. As far as possible, ensure that both the validation and decryption keys are set to AutoGenerate instead of being hard-coded.
<machineKey
    validationKey="AutoGenerate,IsolateApps"
    decryptionKey="AutoGenerate,IsolateApps"
    validation="SHA1"
    decryption="Auto" />
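
An added example, not part of the original post or of Microsoft's article: a small Python check that reads a web.config and reports any machineKey whose validationKey or decryptionKey departs from the AutoGenerate,IsolateApps setting recommended above for a single web server. The function name `audit_machine_key` and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Value ASP.NET uses when a key attribute is absent.
DEFAULT_KEY = "AutoGenerate,IsolateApps"

def audit_machine_key(web_config_xml):
    """Return findings for each <machineKey> in web.config text (hypothetical helper)."""
    findings = []
    for el in ET.fromstring(web_config_xml).iter():
        # Ignore an xmlns on <configuration>, which some generated files carry.
        if el.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            options = [o.strip().lower() for o in el.get(attr, DEFAULT_KEY).split(",")]
            if options[0] != "autogenerate":
                # Report the fact only; never copy key material into a report.
                findings.append(f"{attr}: hard-coded key")
            elif "isolateapps" not in options:
                findings.append(f"{attr}: AutoGenerate without IsolateApps")
    return findings

# Constructed sample inputs.
RECOMMENDED = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"
              validation="SHA1" decryption="Auto" />
</system.web></configuration>"""

HARD_CODED = """<configuration><system.web>
  <machineKey validationKey="CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY"
              decryptionKey="AutoGenerate"
              validation="SHA1" decryption="Auto" />
</system.web></configuration>"""

if __name__ == "__main__":
    for name, xml in (("recommended", RECOMMENDED), ("hard-coded", HARD_CODED)):
        print(name, audit_machine_key(xml) or "OK")
```

A file with no machineKey element at all produces no findings, since the defaults then apply.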




Kim Cameron's Identity Weblog
Wed, Jan 16, 2008
Technology