This is about configuring the machine keys in the web.config for web-farm like scenarios. The problem is that the configuration snip from the articles list a configuration sample containing machine key values. It seems that we have quite a few customers that have been copying and pasting this directly into their production configurations without any afterthoughts – and some of them have been compromised by **ViewState injection attacks*- [ ]

• Work item to remediate all literal keys here.

  Work item to apply regex across all the legacy repo.

  Add See Appendix A: How to generate a element for instructions on generating keys.

  Search found validation_key and decryption_key as in this topic.

  Search used: site:https://learn.microsoft.com/en-us/ "machineKey" "validationKey"

  Fixed example

  related Pseudo Keys: remove #34366 Fix those in the next round.

  After all PR close: Verify machineKey decryptionKey have been remediated #34369

  First fixed article. And the PR to fix it.
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

In PR

• https://learn.microsoft.com/en-us/powershell/module/sharepoint-server/set-spmachinekey?view=sharepoint-server-ps PR: Update Set-SPMachineKey.md MicrosoftDocs/OfficeDocs-SharePoint-PowerShell#791

  https://learn.microsoft.com/en-us/purview/sit-defn-asp-net-machine-key : PR: https://github.com/MicrosoftDocs/Purview-pr/pull/3918

  https://learn.microsoft.com/en-us/archive/msdn-technet-forums/e568bfe9-4fa2-4187-ac01-7d849b0d2f9d ***ISSUE 362931

  https://learn.microsoft.com/en-au/answers/questions/1723227/validate-antiforgery-token-genereted-by-aps-net-mv

  https://learn.microsoft.com/en-us/previous-versions/aspnet/44w5aswa(v=vs.100)

  https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-authentication-authorization/troubleshooting-forms-authentication PR https://github.com/MicrosoftDocs/SupportArticles-docs/pull/1767/files

  https://learn.microsoft.com/en-us/answers/questions/1388936/application-pool-requested-a-recycle-because-it-re Work Item https://dev.azure.com/msft-skilling/Content/_workitems/edit/362936

  https://learn.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/w8h3skw9(v=vs.100) ISSUE SFI: Remove literal machine keys #34498
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

Associated WorkItem - 354961