/// <summary>
/// calls to this method should be made inside a try catch log
/// we don't expect the Web.config file to be writable in general but it usually is on a new
/// installation so we can go ahead and try to update to a custom machine key
/// </summary>
public static void EnsureCustomMachineKey()
{
SecurityAdvisor securityAdvisor = new SecurityAdvisor();
if (securityAdvisor.UsingCustomMachineKey()) { return; } //already using a custom key
string webConfigPath = HostingEnvironment.MapPath("~/Web.config");
var xmlConfig = new XmlDocument();
xmlConfig.Load(webConfigPath);
XmlNode xmlMachineKey = xmlConfig.SelectSingleNode("/configuration/location/system.web/machineKey");
if(xmlMachineKey == null)
{
xmlMachineKey = xmlConfig.SelectSingleNode("/configuration/system.web/machineKey");
}
string validationKey = SiteUtils.GenerateKey(128);
string decryptionKey = SiteUtils.GenerateKey(64);
XmlAttribute attrib = xmlMachineKey.Attributes["validationKey"];
attrib.InnerText = validationKey;
attrib = xmlMachineKey.Attributes["decryptionKey"];
attrib.InnerText = decryptionKey;
var writer = new XmlTextWriter(webConfigPath, null) { Formatting = Formatting.Indented };
xmlConfig.WriteTo(writer);
writer.Flush();
writer.Close();
}
