Can one make up one's own cookie encrypt and decrypt keys?

Randall Parker

I'm just learning web security and so this might be a naive question:

I'm looking here:
http://msdn.microsoft.com/library/d...pconformsauthenticationacrossapplications.asp

and see validationKey and decryptionKey in their example. Do those keys encrypt and
decrypt cookies that get sent to browsers?

Can one make up one's own keys or does one have to buy them? If one has to buy them
then from where and at what cost?

Also, I thought I understood the basics of XML but this bit is confusing:

<!-- Validation and decryption keys must exactly match and cannot
be set to "AutoGenerate". The validation algorithm must also
be the same. -->
<machineKey>
validationKey=
"C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"

decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
validation="SHA1"
isolateApplications="false"
</machineKey>

Note that the validationKey, decryptionKey, validation, and isolateApplications are
not attributes of machineKey since they do not occur before the greater than sign.
Also, they are not in their own separate elements. So do they get parsed out?
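
An added example, not part of the original post or the MSDN page: a Python sketch that draws keys of the same lengths as the sample above from the operating system's random generator, then compares what an XML parser sees when the settings are attributes inside the start tag versus written after the `>` as in the quoted snippet. The function names are made up for illustration, and isolateApplications is left out.

```python
import secrets
import xml.etree.ElementTree as ET

# Key sizes taken from the sample in the post: 128 hex chars (64 bytes)
# for validationKey and 48 hex chars (24 bytes) for decryptionKey.
VALIDATION_KEY_BYTES = 64
DECRYPTION_KEY_BYTES = 24


def new_machine_keys():
    """Return fresh random keys as upper-case hex, drawn from the OS CSPRNG."""
    return {
        "validationKey": secrets.token_hex(VALIDATION_KEY_BYTES).upper(),
        "decryptionKey": secrets.token_hex(DECRYPTION_KEY_BYTES).upper(),
        "validation": "SHA1",
    }


def as_attributes(settings):
    """Well-formed layout: every setting is an attribute inside the start tag."""
    return ET.tostring(ET.Element("machineKey", settings), encoding="unicode")


def as_posted(settings):
    """Layout from the post: name="value" pairs placed after the '>'."""
    body = "\n".join(f'{k}="{v}"' for k, v in settings.items())
    return f"<machineKey>\n{body}\n</machineKey>"


def parsed_attributes(xml_text):
    """Attributes an XML parser actually sees on the root element."""
    return dict(ET.fromstring(xml_text).attrib)


if __name__ == "__main__":
    keys = new_machine_keys()
    print(as_attributes(keys))
    print("attribute layout ->", sorted(parsed_attributes(as_attributes(keys))))
    print("posted layout    ->", parsed_attributes(as_posted(keys)))  # {}
```

In the posted layout the pairs are only text content of the element, so the parser reports no attributes at all.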
 
