Current location - Quotes Website - Signature design - IIS7 key configuration method
IIS7 key configuration method

the computer key helps to protect Forms authentication Cookie data and page-level view state data. They are also used to verify out-of-process session state identities. ASP.NET uses the following types of computer keys:

-authentication key, which is used to calculate the message authentication code (MAC) to confirm the integrity of data. This key is attached to the Forms authentication Cookie or the view state of a specific page.

-decryption key, which is used to encrypt and decrypt the Forms authentication ticket and view state.

(1) Generate a computer key

1. Open IIS Manager and navigate to the level to be managed.

2. in the function view, right-click "computer key" and then click "open function".

3. on the computer key page, select an encryption method from the encryption method drop-down list. The default encryption method is "SHA1".

4. select a decryption method from the "decryption method" drop-down list. The default decryption method is "automatic".

5. in addition, you can also configure the settings of authentication key and decryption key.

6. in the actions pane, click generate key, and then click apply.

(2) Choose a computer key encryption method

By choosing a good computer key encryption method, you can enhance the security of the computer key you created.

The following encryption methods are available:

-Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192 or 256 bits. This method uses the same private key to encrypt and decrypt data, while the public key method must use paired keys.

-Message Digest 5 (MD5) is used to digitally sign applications (e.g. mail). This method will produce a 128-bit hash, which is the original data in a compressed format. MD5 can provide some protection, exams and big tips to prevent attacks from computer viruses and some programs (seemingly harmless applications, but actually destructive). These programs are called Trojans.

-secure hash algorithm (SHA1) is the default' encryption method, which is considered more secure than MD5 because it generates a 16-bit message digest. SHA1 encryption should be used whenever possible.

-triple data encryption standard (TripleDES) is slightly different from data encryption standard (DES). It is twice as fast as ordinary DES slow three, but it is more secure because its key size is 192 bits. If performance is not the main consideration, consider using TripleDES.

The specific implementation steps are as follows:

1. Open IIS Manager and navigate to the level to be managed.

2. in the function view, double-click the computer key.

3. on the computer key page, select an encryption method from the encryption method drop-down list. The default encryption method is "SHA1".

4. in the actions pane, click apply.

(3) Select the computer key decryption method

Similar to the encryption method, just perform the following steps:

1. Open IIS Manager and navigate to the level to be managed.

2. in the function view, double-click the computer key.

3. on the computer key page, select a decryption method from the decryption method drop-down list. The default decryption method is "automatic".

4. in the actions pane, click apply.

(4) Generate the verification key at runtime

If you want ASP.NET to create a random key and store it in the local security agency (LSA), you need to generate the verification key at runtime. By default, the authentication key is generated at run time. This key ensures that the Forms authentication ticket will not be tampered with and encrypted, and the view state will not be tampered with. By generating the authentication key at runtime, it can also ensure that the server can detect all the modifications made to the view state or authentication ticket when processing data, regardless of whether the modifications are made on the client computer or through the network.

1. Open IIS Manager and navigate to the level you want to manage.

2. in the function view, double-click the computer key.

3. on the "computer key" page, under "authentication key", select the "automatically generate at runtime" check box, and then click "apply" in the "actions" pane.

(5) Generate a unique authentication key for each application

When you want ASP.NET to create a random key, you can generate a unique authentication key for each application. The local security authority (LSA) uses the application ID of each application to create this key. LSA then stores this key on the Web server.

1. Open IIS Manager and navigate to the level you want to manage.

2. in the function view, double-click the computer key.

3. on the "computer keys" page, under "authentication keys", select the "generate a unique key for each application" check box, and then click "apply" in the "actions" pane.

(6) generating decryption keys at runtime

If we want ASP.NET to generate random keys and store them in the local security agency (LSA), we need to generate decryption keys at runtime. By default, the decryption key is generated at run time. This key ensures that the Forms authentication ticket will not be tampered with and encrypted, and the view state will not be tampered with. By generating the decryption key at runtime, it can also ensure that the server can detect all the changes made to the view state or authentication ticket when processing data, regardless of whether the changes are made on the client computer or through the network.

1. Open IIS Manager and navigate to the level you want to manage.

2. in the function view, double-click the computer key.

3. on the "computer key" page, under "decryption key", select the "automatically generate at runtime" check box, and then click "apply" in the "actions" pane.

(7) Generate a unique verification key for each application

When you want ASP.NET to create a random key, you can generate a unique verification key for each application. The local security authority (LSA) uses the application ID of each application to create this key. LSA then stores this key on the Web server.

1. Open IIS Manager and navigate to the level you want to manage.

2. in the function view, double-click the computer key.

3. on the "computer keys" page, under "authentication keys", select the "generate a unique key for each application" check box, and then click "apply" in the "actions" pane.

(8) generating computer keys for the Web farm

to use Forms authentication between multiple computers in the Web farm configuration, you must manually generate specific authentication and decryption key values and use them on all computers in the Web farm.

1. Open IIS Manager and navigate to the level you want to manage.

2. in the function view, double-click the computer key.

3. to generate specific authentication and decryption key values for the Web farm, on the "computer keys" page, clear "generate a unique key for each application" for authentication and decryption keys, then clear "automatically generate at runtime", and then click "generate key" in the "actions" pane to create specific key values.

4. in the actions pane, click apply.