There are few scenarios that you want to add MachineKey into your web application’s web.config:
- You have a web farm and in each server the machine.config set to auto generate machinekey.
- You want to use “Encyrpted” password format in ASP.NET membership provider.
- You get intermittent error of “Validation of viewstate MAC failed…..”
To fix problem #3, you can also set one of all these in the <page settings:
<page enableEventValidation=”false” viewStateEncryptionMode=”Never” enableViewStateMac=”false”
However you have to be aware of the risk of this change, as it opens door for ViewState value tampering. (Joteke has an intersting finding on large pages having gridview control. Basically in this case, you have to set above values for avoid the error, which is casued by the position of a hidden field containing some encrypted information.)
The <machineKey> should be put inside <system.web> section.