machinekey

I have hosted an Owin WebAPI Server in an Azure Worker Role. The Owin Authentication middleware seems to use the MachineKey to encrypt and generate Tokens. This works perfectly when I have only one instance of this role, but as soon as I want to use several instances, the tokens generated by each instance are differents. This is the same problem as a web farm, Azure automatically solves this for WebRoles using the same .net Machine Key for all instances in Web.config. But this does not work for Worker Role instances. Is there a trick to have Azure using the same machine key for all the

We have a long-lived ASP.NET 3.5 application we are moving from a physical server running Windows 2005+IIS 6 to a virtual one running Windows 2008+IIS7. The new machine will assume the identify of the old one - IP's, DNS, etc. Our clients keep our site up for hours - sometimes even days. My fear is that when we make this switch-over, suddenly all thier viewstates will fail to validate because the MachineKey will have changed. Is this kind of disruption avoidable? Can I 'set' the new server's machineKey to be the same as the one in use now? I think it is autogenerated - can I find out what it

I have been using dotnet core to create an application that runs in a Kubernetes cluster on Linux hosts. As I was testing it noticed getting exceptions when validating the CSRF tokens, that makes sense since I did not edit the machine key to be the same on every instance yet. As i proceeded to set the machine key in web.config i noticed this would no longer work in .Net Core. As is is now using the DataProtection API, the machine key no longer worked. I tried implementing the api into my application, but when i read i would need to use a network share to exchange the keys between all instances

I want to pass the authentication cookie from my ASP.Net MVC 5 (.Net 4.5.1, hosted locally on iisexpress, run from Visual Studio) to my WCF Service (.Net 4.5.1, hosted locally on WcfSvcHost, run from same Visual Studio Solution) and decrypt it there. I have configured both to use the same machinekey (Web.config for ASP, App.config for WCF): <machineKey validationKey="930681CA8CDC1BC09118D6B37E4A1B7712CEDBBD9FA1E35407EA1CD440C7E6F2DB9E93DADAC4098F90ACC7417DBE57C196722FC67F313A6AAE0F946E2FF731B6" decryptionKey="714C9581DA522C636B2D97D80276D5ACC02C274A11ABF117C76181B0480D4AEA" validation="SHA1"

I am attempting to turn on viewstate encryption Always as a security measure for my ASP.NET 3.5 website hosted in IIS6. We have viewstate turned off but still see some "controlstate" in this string. In a test environment I am able to simply set the following in web.config and i can no longer base64 decode the viewstate to semi-plaintext: <pages enableViewState="false" enableViewStateMac="true" viewStateEncryptionMode="Always"> I have even added the following (genereated by machine key generater ) to machine.config and still encrypts the viewstate fine on my test server: <machineKey