The MachineKeySection.DecryptionKey property is used for encryption and decryption, such as in Windows Forms authentication, and for view state when the MachineKeySection.Validation property is set to "3DES" or "AES".

Use the "AutoGenerate" option to specify that ASP.NET generates a random key and stores it in the Local Security Authority. The "AutoGenerate" option is part of the default value.

If you add the "IsolateApps" modifier to the "AutoGenerate" MachineKeySection.ValidationKey value, ASP.NET generates a unique encrypted key for each application by using each application's System.Web.HttpRuntime.AppDomainAppVirtualPath. This is the default setting.

If you add the "IsolateByAppId" modifier to the "AutoGenerate" MachineKeySection.ValidationKey value, ASP.NET generates a unique encrypted key for each application by using each application's System.Web.HttpRuntime.AppDomainAppId. If two distinct applications share a virtual path (perhaps because those applications are running on different ports), this flag can be used to further distinguish them from one another. The “IsolateByAppId” flag is understood only by ASP.NET 4.5, but it can be used regardless of the MachineKeySection.CompatibilityMode setting.

If you need to support configuration across a network of Web servers (a Web farm), set the MachineKeySection.DecryptionKey property manually to ensure consistent configuration. For information about how to manually generate values for the DecryptionKey attribute, see tp://go.microsoft.com/fwlink/?linkid=155113.

This property is typically set declaratively in the DecryptionKey attribute of the machineKey element of the Web.config file. For more information, see the machineKey element.