View State Key Generator

When either hosting several applications on one instance of IIS or hosting applications on a farm you will most likely encounter View State issues/conflicts. This code will generate new keys that you can place in your web.config so that the conflicts are eliminated. All code included uses a random number generator based on time so future conflicts should not ever occur.

This code is for a c# based console app and was written in Visual Studio 2012. The project files are attached.

using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security; using System.Security.Cryptography; using System.IO; using System.Windows.Forms;

namespace ViewStateKeyGenerator { ///

/// KeyGenerator /// Britton Scritchfield /// MrRedBeard on Instructables /// Generate Cryptographically Random Keys /// This code generates validationKeys and decryptionKeys /// http://msdn.microsoft.com/en-us/library/ff649308.aspx ///

class Program { [STAThread()] static void Main(string[] argv) { start: Console.WriteLine("Type the number value of choice below"); Console.WriteLine("SHA1 validationKey 128"); Console.WriteLine("AES decryptionKey 64"); Console.WriteLine("3DES decryptionKey 48"); //Console.WriteLine("Default is 128 & 64");

int len = 128;

try1: try { len = Convert.ToInt32(Console.ReadLine()); } catch (Exception) { Console.WriteLine("Please enter a numeric value"); goto try1; }

nextkey1: byte[] buff = new byte[len / 2]; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(buff); StringBuilder sb = new StringBuilder(len); for (int i = 0; i < buff.Length; i++) { sb.Append(string.Format("{0:X2}", buff[i])); }

Console.Clear();

//write key to screen Console.WriteLine("Key: \r\n"); Console.WriteLine(sb + "\r\n"); //write key to clipboard Clipboard.SetText(sb.ToString());

Console.WriteLine("The " + len + "bit key has been written to the clipboard.\r\n");

Console.WriteLine("Here is an example"); Console.WriteLine("

+ (char)34 + " sha1"="" "decryption=" + (char)34 + " aes"="">" + "\r\n\r\n");

Console.WriteLine("Type restart, hit enter to generate a new " + len + " bit key or quit:"); var action = Console.ReadLine(); if (action == "") { goto nextkey1; } else if (action == "restart") { goto start; }

}

} }

This code is for a php based web app. The project files are attached. See a working php example on my site http://mrb.mickred.com/fix-for-dot-net-error-validation-of-viewstate-mac-failed/ each refresh generates a new set of machine keys.

function random_string() { $character_set_array = array(); $character_set_array[] = array('count' => 10, 'characters' => 'abcdefghijklmnopqrstuvwxyz'); $character_set_array[] = array('count' => 2, 'characters' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'); $character_set_array[] = array('count' => 2, 'characters' => '0123456789'); $character_set_array[] = array('count' => 2, 'characters' => '!@#$+-*&?:'); $temp_array = array(); foreach ($character_set_array as $character_set) { for ($i = 0; $i < $character_set['count']; $i++) { $temp_array[] = $character_set['characters'][rand(0, strlen($character_set['characters']) - 1)]; } } shuffle($temp_array); return implode('', $temp_array); }

$validationKeylength = 128; $max = ceil($validationKeylength / 40); $random = ''; for ($i = 0; $i < $max; $i ++) { $random .= sha1(microtime(true).mt_rand(10000,90000).random_string()); } $validationKey = substr($random, 0, $validationKeylength);

$decryptionKeylength = 64; $max = ceil($decryptionKeylength / 40); $random = ''; for ($i = 0; $i < $max; $i ++) { $random .= sha1(microtime(true).mt_rand(10000,90000).random_string()); } $decryptionKey = substr($random, 0, $decryptionKeylength); ?>

Using the code and the generated keys edit your web.config with the following. That's it your done.

<configuration>

<system.web>

<machineKey

validationKey="Validation key"

decryptionKey="Decryption key"

validation="SHA1" decryption="AES"

/>

</system.web>

</configuration>