This one puzzled me a bit – but I wanted to encrypt my viewstate in Sitecore. I set my machine key, and set my algorithms – but it didn’t seem to do anything.
Well, the <pages> node has a viewStateEncryptionMode setting.
<pages validateRequest="true" viewStateEncryptionMode="Always">
Turn that on, and all seems good.
When deploying Sitecore, especially if you’ve got multiple Content Delivery servers, don’t forget to set a <MachineKey> in your web.config file.
The MachineKey is used to encrypt and secure the page’s ViewState. By default, the .NET framework uses that machine’s own MachineKey, but should your view state get sent to another content delivery server with a different key, well, then the ViewState will be invalid. That’s something of a problem. Continue reading “Don’t forget to set a machine key”