将 machineKey 添加到 web-farm 站点上的 web.config [英] Adding machineKey to web.config on web-farm sites
问题描述
我们(实际上是我们的 IT 合作伙伴)最近更改了我们拥有的网络农场站点的一些 DNS,以便两个生产服务器在它们之间进行循环 DNS 切换.在此切换之前,我们并没有真正遇到 WebResource.axd 文件的问题.自切换以来,当我们点击实时公共 URL 时,我们收到一个错误:
加密异常
填充无效,无法删除.
当我们访问特定服务器时,它们加载良好.我已经研究过这个问题,似乎因为他们在两台服务器之间共享资产,我们需要在每个服务器的 web.config 中有一个一致的 machineKey,以便他们可以在两者之间一致地加密和解密.我的问题是:
- 我可以通过服务器上的工具生成
machineKey,还是需要编写代码来执行此操作? - 我是否只需要将
machineKey添加到每台服务器上的web.config一起工作?(两个web.config目前都没有machineKey)
这应该回答:
机器按键控制面板有以下设置:
取消选中在运行时自动生成"以进行验证密钥和解密密钥.
点击面板右侧操作"下的生成密钥".
点击应用".
并将以下行添加到system.web 标记下所有webservers 中的web.config 文件(如果它不存在).
请确保您有机器密钥和web.config文件的永久备份
We (our IT partner really) recently changed some DNS for a web farmed site we have, so that the two production server have round-robin DNS switching between them. Prior to this switch we didn't really have problems with WebResource.axd files. Since the switch, when we hit the live public URL, we get an error:
CryptographicException
Padding is invalid and cannot be removed.
When we hit the specific servers themselves, they load fine. I've researched the issue and it seems since they're sharing assets between two servers, we need to have a consistent machineKey in the web.config for each server so they can encrypt and decrypt consistently between the two. My questions are:
- Can I generate a
machineKeyvia a tool on the server, or do I need to write code to do this? - Do I just need to add the
machineKeyto theweb.configon each server or do you think I'll need to do anything else to make the two server work together? (Bothweb.config's currently do not have amachineKey)
This should answer:
How To: Configure MachineKey in ASP.NET 2.0 - Web Farm Deployment Considerations
Web Farm Deployment Considerations
If you deploy your application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey, which are used for hashing and decryption respectively. This is required because you cannot guarantee which server will handle successive requests.
With manually generated key values, the settings should be similar to the following example.
<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7 AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="SHA1" decryption="AES" />If you want to isolate your application from other applications on the same server, place the in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each application, but duplicate each application's keys across all servers in the farm.
In short, to set up the machine key refer the following link: Setting Up a Machine Key - Orchard Documentation.
Setting Up the Machine Key Using IIS Manager
If you have access to the IIS management console for the server where Orchard is installed, it is the easiest way to set-up a machine key.
Start the management console and then select the web site. Open the machine key configuration:
The machine key control panel has the following settings:
Uncheck "Automatically generate at runtime" for both the validation key and the decryption key.
Click "Generate Keys" under "Actions" on the right side of the panel.
Click "Apply".
and add the following line to the web.config file in all the webservers under system.web tag if it does not exist.
<machineKey
validationKey="21F0SAMPLEKEY9C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
decryptionKey="ABAASAMPLEKEY56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>
Please make sure that you have a permanent backup of the machine keys and web.config file
这篇关于将 machineKey 添加到 web-farm 站点上的 web.config的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
