Microsoft says to never use a key generator web site.
Like everyone else here, I added this to my web.config
.
<System.Web>
<machineKey decryptionKey="ABC123...SUPERLONGKEY...5432JFEI242"
validationKey="XYZ234...SUPERLONGVALIDATIONKEY...FDA"
validation="SHA1" />
</system.web>
However, I used IIS as my machineKey generator like so:
- Open IIS and select a website to get this screen:
- Double click the Machine Key icon to get this screen:
- Click the "Generate Keys" link on the right which I outlined in the pic above.
Notes:
- If you select the "Generate a unique key for each application"
checkbox, ",IsolateApps" will be added to the end of your keys. I had
to remove these to get the app to work. Obviously, they're not part
of the key.
- SHA1 was the default encryption method selected by IIS and if you change it, don't forget to change the validation property on machineKey in the web.config. However, encryption methods and algorithms evolve so please feel free to edit
this post with the updated preferred Encryption method or mention it
in the notes and I'll update.