MachineKey change does not reflect in web.config

Question

In my web application, there is an administrator ability to change the validation method/algorithm to SHA1 to HMACSHA256, HMACSHA384, etc. etc.

In the code, when I retrieve the value from the web.config using ConfigurationManager, it shows as being updated.

However, when I open up the Web.config itself, the value does not appear in the MachineKey section. Why is it now showing up?

edit: The technloogy I am using is Visual Studio C# and MVC. A portion of the web.config is below:

  <system.web>
<machineKey validationKey="22FEA7D6533FCCE331C2342A1801051F5E2890749CB2D5EF2EEABF8B0D944F389F46FA061D1A203EB75F3A9197914299676917FFD355456CFA0B49CA4C30B348"
  decryptionKey="30B2FA2A8C54665E18D9A35E3541BFED6A3E8A640DBA4070" />
<authentication mode="Forms">
  <forms name="FormsAuth1" loginUrl="https://localhost/OidcApplication/Oidc/Authenticate" timeout="2880" requireSSL="false" />
</authentication>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
<httpModules>
  <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>

This is how I retrieve the machine key values:

machineKeyConfig = (MachineKeySection)GetConfigurationSection("system.web/machineKey");

And this is how I set the machine key values:

var machineKeyConfig = (MachineKeySection)GetConfigurationSection("system.web/machineKey");

machineKeyConfig.DecryptionKey = machineKeySettings.DecryptionKey;
machineKeyConfig.Validation = machineKeySettings.Validation;
machineKeyConfig.ValidationKey = machineKeySettings.ValidationKey;
machineKeyConfig.CurrentConfiguration.Save(ConfigurationSaveMode.Minimal);

which technology are you using? web forms? mvc? can you share your web config and perhaps a picture of your solution explorer window? — Francesco B., Mar 03 '18 at 19:21
Francesco, please refer to my latest edits to the post above. Thank you ! — TheFootClan, Mar 05 '18 at 17:13
Ok, could you please post the code you use to retrieve the value from the web.config? Also, how many web.config do you have in your solution (e.g. one for debug, another for production etc.)? — Francesco B., Mar 05 '18 at 18:25
Francesco, I've added the code portions of how I get and set the machine keys. — TheFootClan, Mar 07 '18 at 22:37

score 0 · Answer 1 · answered Mar 08 '18 at 08:46

First of all, I would check whether the file you are saving to is the same you are reading:

var ConfigFilePath = AppDomain.CurrentDomain.SetupInformation.ConfigurationFile;

By the way, what's the class and namespace of the GetConfigurationSection method?

MachineKey change does not reflect in web.config

1 Answers1