{"id":1986,"date":"2017-05-17T08:48:06","date_gmt":"2017-05-17T07:48:06","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/lavanack\/?p=1986"},"modified":"2021-06-14T13:57:05","modified_gmt":"2021-06-14T11:57:05","slug":"machinekey-generation","status":"publish","type":"post","link":"https:\/\/laurentvanacker.com\/index.php\/2017\/05\/17\/machinekey-generation\/","title":{"rendered":"G\u00e9n\u00e9ration des MachineKeys .Net dans des environnements \u00e0  r\u00e9partition de charge \/ .Net MachineKeys generation for loadbalanced environments."},"content":{"rendered":"<p align=\"justify\"><a href=\"#en-us\" name=\"fr-fr\">Go to English version<\/a><\/p>\n<p align=\"justify\">Les serveurs IIS de production sont souvent membres d\u2019une ferme de serveurs Web (A la fois des raisons de performance et de fiabilit\u00e9). Or dans le cadre d\u2019applications ASP.Net il est obligatoire d\u2019uniformiser les MachineKeys des applications sur l\u2019ensemble de ces serveurs (je vous invite \u00e0 consulter le liens ci-dessous si vous en ignorez la raison). Ce point est parfois oubli\u00e9 lors du passage en production. Je vous propose ici un <a href=\"https:\/\/github.com\/lavanack\/laurentvanacker.com\/blob\/master\/Windows%20Powershell\/IIS\/MachineKeys.ps1\">script<\/a> qui vous permettra de le faire (via notamment gr\u00e2ce \u00e0 l\u2019appel \u00e0 la fonction Push-MachineKey et apr\u00e8s avoir configur\u00e9 correctement au moins un serveur \u201csource\u201d de la mani\u00e8re suivante (et pour toutes les applications concern\u00e9es) :<\/p>\n<p align=\"justify\"><a href=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2017\/05\/Untitled-1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"border: 0px currentcolor; padding-top: 0px; padding-right: 0px; padding-left: 0px;\" title=\"Untitled\" src=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2017\/05\/Untitled_thumb.png\" alt=\"Untitled\" width=\"722\" height=\"288\" border=\"0\" \/><\/a><\/p>\n<ol>\n<li>\n<div align=\"justify\">D\u00e9cocher les deux cases \u00e0 cocher sous \u201cValidation Key\u201d<\/div>\n<\/li>\n<li>\n<div align=\"justify\">D\u00e9cocher les deux cases \u00e0 cocher sous \u201cDecryption Key\u201d<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Cliquer sur \u201cGenerate Keys\u201d\u2019<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Cliquer sur \u201cApply\u201d<\/div>\n<\/li>\n<\/ol>\n<p align=\"justify\">Une fois le serveur \u201csource\u201d correctement configur\u00e9, c\u2019est lui qui servira de mod\u00e8le pour la duplication des MachineKeys. Il suffit de lancer le <a href=\"https:\/\/github.com\/lavanack\/laurentvanacker.com\/blob\/master\/Windows%20Powershell\/IIS\/MachineKeys.ps1\">script<\/a> ci-dessous (depuis le serveur \u201csource\u201d) apr\u00e8s avoir modifi\u00e9 la variable $TargetIISServers pour y mettre la liste des serveurs cibles (ie. les autres serveurs de la ferme Web).<\/p>\n<p align=\"justify\">Il existe d\u2019autres fonctions pr\u00e9sentes dans le <a href=\"https:\/\/github.com\/lavanack\/laurentvanacker.com\/blob\/master\/Windows%20Powershell\/IIS\/MachineKeys.ps1\">script<\/a> que je vais sommairement expliquer ci-apr\u00e8s :<\/p>\n<ul>\n<li>\n<div align=\"justify\">Get-MachineKey : Retourne la liste des MachinesKey locales sous forme de tableau<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Set-MachineKey : Valorise les MachinesKey locales depuis un tableau pass\u00e9 en argument. Cette fonction supporte les switchs <em>\u2013whatif<\/em> et <em>\u2013confirm<\/em> (Risk Mitigation)<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Push-MachineKey : Pousse les MachineKey locales sur les ordinateurs pass\u00e9es en argument (via du Remoting PowerShell)<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Show-MachineKey : Affiche (et retourne si <em>\u2013passthru<\/em> est sp\u00e9cifi\u00e9) les machines key sur les machines pass\u00e9es en param\u00e8tres.<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Export-MachineKey : Exporte la liste des MachinesKey locales dans le fichier CSV pass\u00e9 en argument<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Import-MachineKey : Importe localement les MachinesKey depuis le fichier CSV pass\u00e9 en argument<\/div>\n<\/li>\n<\/ul>\n<p align=\"justify\"><strong>Liens utiles :<\/strong><\/p>\n<ul>\n<li>\n<div align=\"justify\">Generate a Unique Validation Key for Each Application (IIS 7) : <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc754909(v=ws.10).aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/cc754909(v=ws.10).aspx<\/a><\/div>\n<\/li>\n<li>\n<div align=\"justify\">machineKey Element (ASP.NET Settings Schema) : <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/w8h3skw9(v=vs.71).aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/w8h3skw9(v=vs.71).aspx<\/a><\/div>\n<\/li>\n<li>\n<div align=\"justify\">How To: Configure MachineKey in ASP.NET 2.0 : <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ff649308.aspx#paght000007_webfarmdeploymentconsiderations\">http:\/\/msdn.microsoft.com\/en-us\/library\/ff649308.aspx#paght000007_webfarmdeploymentconsiderations<\/a><\/div>\n<\/li>\n<li>\n<div align=\"justify\">Generate a Machine Key for a Web Farm (IIS 7) : <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc731979(v=WS.10).aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/cc731979(v=WS.10).aspx<\/a><\/div>\n<\/li>\n<\/ul>\n<p align=\"justify\"><img decoding=\"async\" src=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2017\/01\/012717_1333_Fusionnerde1.png\" alt=\"\" \/><\/p>\n<p align=\"justify\"><a href=\"#fr-FR\" name=\"en-us\">Aller \u00e0 la version fran\u00e7aise<\/a><\/p>\n<p align=\"justify\">IIS production servers are often members of a Web server farm (for performance and reliability reasons). However, in the context of ASP.Net applications, it is mandatory to standardize the MachineKeys of applications on all of these servers (I invite you to consult the links below if you do not know the reason). This point is sometimes forgotten in the production environment. I propose here a <a href=\"https:\/\/github.com\/lavanack\/laurentvanacker.com\/blob\/master\/Windows%20Powershell\/IIS\/MachineKeys.ps1\">script<\/a> that will allow you to do this (via the call to the Push-MachineKey function and after having correctly configured at least one \u00ab\u00a0source\u00a0\u00bb server in the following way (and for all the applications concerned) :<\/p>\n<p align=\"justify\"><a href=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2017\/05\/Untitled1-1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"border: 0px currentcolor; padding-top: 0px; padding-right: 0px; padding-left: 0px;\" title=\"Untitled\" src=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2017\/05\/Untitled_thumb1-1.png\" alt=\"Untitled\" width=\"722\" height=\"284\" border=\"0\" \/><\/a><\/p>\n<ol>\n<li>\n<div align=\"justify\">Uncheck the two checkboxes under \u201cValidation Key\u201d<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Uncheck the two checkboxes under \u201cDecryption Key\u201d<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Click on \u201cGenerate Keys\u201d\u2019<\/div>\n<\/li>\n<li>\n<div align=\"justify\">Click on \u201cApply\u201d<\/div>\n<\/li>\n<\/ol>\n<p align=\"justify\">Once the \u00ab\u00a0source\u00a0\u00bb server is correctly configured, it will be the template for the duplication of the MachineKeys. Just run the <a href=\"https:\/\/github.com\/lavanack\/laurentvanacker.com\/blob\/master\/Windows%20Powershell\/IIS\/MachineKeys.ps1\">script<\/a> below (from the \u00ab\u00a0source\u00a0\u00bb server) after modifying the $TargetIISServers variable to set the list of target servers (ie. the other servers in the Web farm).<\/p>\n<p>There are other functions present in the <a href=\"https:\/\/github.com\/lavanack\/laurentvanacker.com\/blob\/master\/Windows%20Powershell\/IIS\/MachineKeys.ps1\">script<\/a> that I will briefly explain hereafter:<\/p>\n<ul>\n<li>Get-MachineKey: Returns the list of local MachinesKey as an array<\/li>\n<li>Set-MachineKey: Sets the local MachinesKey from an array passed as argument. This function supports the -whatif and -confirm (Risk Mitigation)<\/li>\n<li>Push-MachineKey: Pushes the local MachineKey on the computers passed as argument (via the PowerShell Remoting)<\/li>\n<li>Show-MachineKey: Displays (and returns if -passthru is specified) the MachineKey on the computers passed as argument.<\/li>\n<li>Export-MachineKey: Exports the list of the local MachinesKey in the CSV file passed as argument<\/li>\n<li>Import-MachineKey: Locally imports the MachinesKey from the CSV file passed as argument<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p align=\"justify\"><strong>Useful links:<\/strong><\/p>\n<ul>\n<li>\n<div align=\"justify\">Generate a Unique Validation Key for Each Application (IIS 7) : <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc754909(v=ws.10).aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/cc754909(v=ws.10).aspx<\/a><\/div>\n<\/li>\n<li>\n<div align=\"justify\">machineKey Element (ASP.NET Settings Schema) : <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/w8h3skw9(v=vs.71).aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/w8h3skw9(v=vs.71).aspx<\/a><\/div>\n<\/li>\n<li>\n<div align=\"justify\">How To: Configure MachineKey in ASP.NET 2.0 : <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ff649308.aspx#paght000007_webfarmdeploymentconsiderations\">http:\/\/msdn.microsoft.com\/en-us\/library\/ff649308.aspx#paght000007_webfarmdeploymentconsiderations<\/a><\/div>\n<\/li>\n<li>\n<div align=\"justify\">Generate a Machine Key for a Web Farm (IIS 7) : <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc731979(v=WS.10).aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/cc731979(v=WS.10).aspx<\/a><\/div>\n<\/li>\n<\/ul>\n<div align=\"justify\">\n<div id=\"scid:9D7513F9-C04C-4721-824A-2B34F0212519:a1e7b125-4a27-479e-871b-f4d3ecee6449\" class=\"wlWriterSmartContent\" style=\"margin: 0px; padding: 0px; float: none;\">\n<p>Laurent<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Go to English version Les serveurs IIS de production sont souvent membres d\u2019une ferme de serveurs Web (A la fois des raisons de performance et [&#8230;]<\/p>\n","protected":false},"author":2,"featured_media":2472,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,7,19],"tags":[20,25,29,39],"class_list":["post-1986","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-net","category-iis","category-powershell","tag-net","tag-iis","tag-machinekey","tag-powershell"],"_links":{"self":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts\/1986","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/comments?post=1986"}],"version-history":[{"count":10,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts\/1986\/revisions"}],"predecessor-version":[{"id":3042,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts\/1986\/revisions\/3042"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/media\/2472"}],"wp:attachment":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/media?parent=1986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/categories?post=1986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/tags?post=1986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}