Our production environment has three load-balanced servers. On each server, there are nine sites in IIS. In each site, there are between 1 and 15 different apps.
To maintain proper encryption/decryption across all three servers, the same validationKey and decryptionKey should be used for the corresponding apps. This can be set at three levels: - Server level in machine.config - Site level in web.config - App level in web.config
There are obviously pros and cons to setting it at each level but I was wondering if anyone can give some concrete reasons to do it at server vs. site vs. app.
In the machineKey Web Farm Deployment Considerations section, there is a blurb
If you want to isolate your application from other applications on the same server, place the in the Web.config file for each application on each server in the farm.
Is the validationKey a big enough threat vector to justify using a different key on ~100 different apps across three servers? I know, I know. How much risk am I willing to take? What industry am I in? What would I want someone to do with my data? etc.
Of course, I suspect that in the end, we will put it at all three levels just to make sure that we cover our bases across the board when new sites or apps are added. But I'm not really looking forward to the regression testing effort.
Thanks, Matt