Asp.net Validation of viewstate MAC failed - asp.net

I am receiving the following error at certain times on asp.net website.
Sys.WebForms.PageRequestManagerServerErrorException:
Validation of viewstate MAC failed.
If this application is hosted by a Web Farm or cluster,
ensure that <machineKey> configuration specifies the
same validationKey and validation algorithm.
AutoGenerate cannot be used in a cluster.
When page refresh goes,no problem.How can I solve this problem?

Microsoft says to never use a key generator web site.
Like everyone else here, I added this to my web.config.
<System.Web>
<machineKey decryptionKey="ABC123...SUPERLONGKEY...5432JFEI242"
validationKey="XYZ234...SUPERLONGVALIDATIONKEY...FDA"
validation="SHA1" />
</system.web>
However, I used IIS as my machineKey generator like so:
Open IIS and select a website to get this screen:
Double click the Machine Key icon to get this screen:
Click the "Generate Keys" link on the right which I outlined in the pic above.
Notes:
If you select the "Generate a unique key for each application"
checkbox, ",IsolateApps" will be added to the end of your keys. I had
to remove these to get the app to work. Obviously, they're not part
of the key.
SHA1 was the default encryption method selected by IIS and if you change it, don't forget to change the validation property on machineKey in the web.config. However, encryption methods and algorithms evolve so please feel free to edit
this post with the updated preferred Encryption method or mention it
in the notes and I'll update.

If you're using a web farm and running the same application on multiple computers, you need to define the machine key explicitly in the machine.config file:
<machineKey validationKey="JFDSGOIEURTJKTREKOIRUWTKLRJTKUROIUFLKSIOSUGOIFDS..." decryptionKey="KAJDFOIAUOILKER534095U43098435H43OI5098479854" validation="SHA1" />
Put it under the <system.web> tag.
The AutoGenerate for the machine code can not be used. To generate your own machineKey see this powershell script:
https://support.microsoft.com/en-us/kb/2915218#bookmark-appendixa

I had this problem, and for me the answer was different than the other answers to this question.
I have an application with a lot of customers. I catch all error in the application_error in global.asax and I send myself an email with the error detail. After I published a new version of my apps, I began receiving a lot of Validation of viewstate MAC failed error message.
After a day of searching I realized that I have a timer in my apps, that refresh an update panel every minute. So when I published a new version of my apps, and some customer have left her computer open on my website. I receive an error message every time that the timer refresh because the actual viewstate does not match with the new one. I received this message until all customers closed the website or refresh their browser to get the new version.
I'm sorry for my English, and I know that my case is very specific, but if it can help someone to save a day, I think that it is a good thing.

This solution worked for me in ASP.NET 4.5 using a Web Forms site.
Use the following site to generate a Machine Key (for example only use secure method in production): http://www.blackbeltcoder.com/Resources/MachineKey.aspx
Copy Full Machine Key Code.
Go To your Web.Config File.
Paste the Machine Key in the following code section:
<configuration>
<system.web>
<machineKey ... />
</system.web>
</configuration>
You should not see the viewstate Mac failed error anymore. Each website in the same app pool should have a separate machine key otherwise this error will continue.

Dear All with all respict to answers up there
there are case gives this error
when web.config value is
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
and link is http not https

On multi-server environment, this error likely occurs when session expires and another instance of an application is resorted with same session id and machine key but on a different server. At first, each server produce its own machine key which later is associated with a single instance of an application. When session expires and current server is busy, the application is redirected like, via load balancer to a more operational server. In my case I run same app from multiple servers, the error message:
Validation of viewstate MAC failed. If this application is hosted by a
Web Farm or cluster, ensure that configuration specifies
the same validationKey and validation algorithm
Defining the machine code under in web.config have solve the problem.
But instead of using 3rd party sites for code generation which might be corrupted, please run this from your command shell:
Based on microsoft solution 1a, https://support.microsoft.com/en-us/kb/2915218#AppendixA
# Generates a <machineKey> element that can be copied + pasted into a Web.config file.
function Generate-MachineKey {
[CmdletBinding()]
param (
[ValidateSet("AES", "DES", "3DES")]
[string]$decryptionAlgorithm = 'AES',
[ValidateSet("MD5", "SHA1", "HMACSHA256", "HMACSHA384", "HMACSHA512")]
[string]$validationAlgorithm = 'HMACSHA256'
)
process {
function BinaryToHex {
[CmdLetBinding()]
param($bytes)
process {
$builder = new-object System.Text.StringBuilder
foreach ($b in $bytes) {
$builder = $builder.AppendFormat([System.Globalization.CultureInfo]::InvariantCulture, "{0:X2}", $b)
}
$builder
}
}
switch ($decryptionAlgorithm) {
"AES" { $decryptionObject = new-object System.Security.Cryptography.AesCryptoServiceProvider }
"DES" { $decryptionObject = new-object System.Security.Cryptography.DESCryptoServiceProvider }
"3DES" { $decryptionObject = new-object System.Security.Cryptography.TripleDESCryptoServiceProvider }
}
$decryptionObject.GenerateKey()
$decryptionKey = BinaryToHex($decryptionObject.Key)
$decryptionObject.Dispose()
switch ($validationAlgorithm) {
"MD5" { $validationObject = new-object System.Security.Cryptography.HMACMD5 }
"SHA1" { $validationObject = new-object System.Security.Cryptography.HMACSHA1 }
"HMACSHA256" { $validationObject = new-object System.Security.Cryptography.HMACSHA256 }
"HMACSHA385" { $validationObject = new-object System.Security.Cryptography.HMACSHA384 }
"HMACSHA512" { $validationObject = new-object System.Security.Cryptography.HMACSHA512 }
}
$validationKey = BinaryToHex($validationObject.Key)
$validationObject.Dispose()
[string]::Format([System.Globalization.CultureInfo]::InvariantCulture,
"<machineKey decryption=`"{0}`" decryptionKey=`"{1}`" validation=`"{2}`" validationKey=`"{3}`" />",
$decryptionAlgorithm.ToUpperInvariant(), $decryptionKey,
$validationAlgorithm.ToUpperInvariant(), $validationKey)
}
}
Then:
For ASP.NET 4.0
Generate-MachineKey
Your key will look like: <machineKey decryption="AES" decryptionKey="..." validation="HMACSHA256" validationKey="..." />
For ASP.NET 2.0 and 3.5
Generate-MachineKey -validation sha1
Your key will look like: <machineKey decryption="AES" decryptionKey="..." validation="SHA1" validationKey="..." />

WHAT DID WORK FOR ME
Search the web for "MachineKey generator"
Go to one of the sites found and generate the Machine Key, that will look like... (the numbers are bigger)
...MachineKey
validationKey="0EF6C03C11FC...63EAE6A00F0B6B35DD4B" decryptionKey="2F5E2FD80991C629...3ACA674CD3B5F068"
validation="SHA1" decryption="AES" />
Copy and paste into the <system.web> section in the web.config file.
If you want to follow the path I did...
https://support.microsoft.com/en-us/kb/2915218#AppendixA
Resolving view state message authentication code (MAC) errors
Resolution 3b: Use an explicit <machineKey>
By adding an explicit <machineKey> element to the application's Web.config file, the developer tells ASP.NET not to use the auto-generated cryptographic key. See Appendix A for instructions on how to generate a <machineKey> element.
http://blogs.msdn.com/b/amb/archive/2012/07/31/easiest-way-to-generate-machinekey.aspx
Easiest way to generate MachineKey - Ahmet Mithat Bostanci - 31 Jul 2012
You can search in Bing for "MachineKey generator" and use an online service. Honestly...
http://www.blackbeltcoder.com/Resources/MachineKey.aspx

my problem was this piece of javascript code
$('input').each(function(ele, indx){
this.value = this.value.toUpperCase();
});
Turns it was messing with viewstate hidden field so I changed it to below code and it worked
$('input:visible').each(function(ele, indx){
this.value = this.value.toUpperCase();
});

This error message is normally displayed after you have published your website to the server.
The main problem lies in the Application Pool you use for your website.
Configure your website to use the proper .NET Framework version (i.e. v4.0) under the General section of the Application Pool related to your website.
Under the Process Model, set the Identity value to Network Service.
Close the dialog box and right-click your website and select Advanced Settings... from the Manage Website option of the content menu. In the dialog box, under General section, make sure you have selected the proper name of the Application Pool to be used.
Your website should now run without any problem.
Hope this helps you overcome this error.

Validation of viewstate MAC failed. If this application is hosted by a web farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Answer :
<machineKey decryptionKey="2CC8E5C3B1812451A707FBAAAEAC9052E05AE1B858993660" validation="HMACSHA256" decryption="AES" validationKey="CB8860CE588A62A2CF9B0B2F48D2C8C31A6A40F0517268CEBCA431A3177B08FC53D818B82DEDCF015A71A0C4B817EA8FDCA2B3BDD091D89F2EDDFB3C06C0CB32" />

I had this same issue and it was due to a Gridview (generated from a vb code) on the page which had sorting enabled. Disabling Sort fixed my issue. I do not have this problem with the gridviews created using a SQLdatasource.

I am not sure how this happened but I started to get this error in my internal submit form pages. So when ever I submit something I'm getting this error. But the problem is this website is almost working 5-6 years. I don't remember I made an important change.
None of the solutions worked for me.
I have setup a machine key with the Microsoft script and copied into my web.config
I have executed asp.net regiis script.
aspnet_regiis -ga "IIS APPPOOL\My App Pool"
Also tried to add this code into the page:
enableViewStateMac="false"
still no luck.
Any other idea to solve this issue?
UPDATE:
Finally I solved the issue.
I had integrated my angular 4 component into my asp.net website.
So I had added base href into my master page. So I removed that code and it is working fine now.
<base href="/" />

There are another scenario which was happening for my customers. This was happening normally in certain time because of shift changes and users needed to login with different user.
Here is a scenario which Anti forgery system protects system by generation this error:
1- Once close/open your browser.
2- Go to your website and login with "User A"
3- Open new Tab in browser and enter the same address site. (You can see your site Home page without any authentication)
4- Logout from your site and Login with another User(User B) in second tab.
5- Now go back to the first Tab which you logged in by "User A". You can still see the page but any action in this tab will make the error.
Because your cookie is already updated by "User B" and you are trying to send a request by an invalid user. (User A)

<system.web>
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
</system.web>

I have faced the similar issue on my website hosted on IIS. This issue generally because of IIS Application pool settings. As application pool recycle after some time that caused the issue for me.
Following steps help me to fix the issue:
Open App pool of you website on IIS.
Go to Advance settings on right hand pane.
Scroll down to Process Model
Change Idle Time-out minutes to 20 or number of minutes you don't want to recycle your App pool.
Then try again . It will solve your issue.

I've experienced the same issue on our project. This Microsoft support web page helped me to find the cause. And this solution helped to sort out the issue.
In my case the issue was around ViewStateUserKey as Page.ViewStateUserKey property had an incorrect value (Caused 4 in here). Deleting localhost certificates and recreating them by repairing IIS Expres as mentioned in here fixed the issue.

Thats worked for me
Just add it :
between
system.web section
<system.web>
</system.web>

Related

Viewstate timeout error

I develop mostly for desktop so, I tend to think as WebForms as a web equivalent of WinForms. Unfortunetly this is not true.
Recently I have discovered that the Viewstate have some kind of timeout.
My problem is similar as I have read in most questions, in particular here (in my case is only around 5 to 10 minutes).
Here Microsoft says that one solution for this problem is:
<asp:Page EnableViewStateMac="False" />
However as we can read further they say:
Security Note:
This attribute should never be set to false in a production Web site,
even if the application or page does not use view state.
The view state MAC helps ensure the security of other ASP.NET functions
in addition to view state.
For this reason I don't want to set EnableViewStateMac to false and I have no access to my server (is shared hosting).
My question is: can we store the Viewstate between postbacks even if our page stay idle for a long time? If yes, how?
Thank you
The viewstate is encrypted using a machine key to ensure that it is not tampered with during postback. The machine key used to encrypt the viewstate is by default auto-generated and if the time out happens then the key's decryption will fail because the machinekey will get regenerated.
The machinekey is by default available at machine level config file.
<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
validation="SHA1" decryption="Auto" />
To fix this, you can use your own defined machine key. You can generate using online tools as well, like this or through IIS.
How to add this machinekey to web.config can be read at MSDN.
It should be placed under the system.web section, like this -
<configuration>
<system.web>
<machineKey decryptionKey="Decryption key goes here,IsolateApps"
validationKey="Validation key goes here,IsolateApps" />
</system.web>
</configuration>

Getting the UserName in MVC3 "internet" application using User.Identity.Name

I've been getting an empty string whenever I try to retrieve the logged in username in my controller. When I first created the app, I selected 'Internet application' template. I also deleted the default account controller, account models and _logon views as I didn't need them. I'm using my own styling, so I removed site.css from the project as well.
After playing around with the web.config for a while, I figured out that "User.Identity.Name" actually works if I change the authentication mode in web.config to windows. If I leave it on 'forms' authentication mode, I only get an empty string whenever I try to get the username.
Recently, I changed the authentication mode to Windows and used User.Identity.Name in one of my controllers to get the user name, but whenever I run the app, I get an error on the browser, stating "localhost/Account/LogOn/..." is not found. (not directing to my usual view) ( I didn't make any changes in Global.asax either.)
If I change the authentication mode back to forms, my view works fine, but I don't get to see the user name (just an empty string). Is there anyway I can find a way around this problem. Is there anything wrong with routing or something ? I can't afford to start over again using "intranet Application" template.
I'm a beginner in MVC, so any help would be greatly appreciated.
Thanks
If you are using asp.net mvc, try System.Environment.UserName
inside your web.config, use
<authentication mode="Windows" />
<identity impersonate="true" />
The error you are getting is because you removed a logon view it still must be refered to somewhere within your application, so if you don't need the logon view, make sure you remove all refences to it from you code.
Internet applications works per default with forms authentication. The purpose of Windows authentication is for intranets, where the web application runs under a windows user. Then the authentication works "automatically".
If you want to have an internet application with registered users, you should put the following configuration in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Then you need an AccountController (was there in the default template and you have probably deleted) and a Logon action within the controller. You also need all the views of the account controller (logon, register, change password etc.). The best would be you create a new internet application and check everything that's there. Just copy the stuff you need into your application.
You also need a user database. The default uses an express database with standard tables and stored procedures. If needed, you can use your own tables, then you have to rewrite the methods in the account controller or write your own membership provider.
The reason why you don't see a user name is because you have no login.
EDIT: If you want to display the Windows user name, you should set the authentication mode to windows (or just delete the authentication section, as it is the default). Then you can access the user name. But you will have to delete the tag.
<authentication mode="Windows" />
Sounds like you aren't even authenticating first, so there is no username:
#if (Request.IsAuthenticated) {
<span>#User.Identity.Name</span>
}
else {
<span>You aren't authenticated</span>
}

Has anyone encountered 'Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster..'error

I did some research on this and have tried out inserting:
<machineKey decryptionKey="A4B12CCDD50E95F8GB9GFH6JKAT4Y0U0I2OF2DF2AAFE5AB46189C,IsolateApps" validation="AES" validationKey="480CDF2AS9S9AS5CFDGF0GHFH9JJH4KHKAKLJ2L9F3SAS82A6C16911A29EF48903783F94529C21570AACB72766FB38CD4CE7B85B0ACE3149DC5FC1CCF1AA1CECE3579659996593B06,IsolateApps"/>
as a solution to this error:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
This time I get an error.
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Then it marks out the line in Config source:
<add name="DemographicDBEntities" connectionString="metadata=res://*/DemoGraph.csdl|res://*/DemoGraph.ssdl|res://*/DemoGraph.msl;provider=System.Data.SqlClient;provider connection string="data source=207.27.57.76,1433;initial catalog=DemographicDB;persist security info=False;user id=west;pwd=westhouseit;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
<machineKey decryptionKey="A4B12CCDD50E95F8GB9GFH6JKAT4Y0U0I2OF2DF2AAFE5AB46189C,IsolateApps" validation="AES" validationKey="480CDF2AS9S9AS5CFDGF0GHFH9JJH4KHKAKLJ2L9F3SAS82A6C16911A29EF48903783F94529C21570AACB72766FB38CD4CE7B85B0ACE3149DC5FC1CCF1AA1CECE3579659996593B06,IsolateApps"/>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off"/>
Is the machine key tag well constructed? I put it in a tag all by itself.
I am hosting the application on an online host so I cannot generate any machine code with IIS 7.0. I have raised several tickets to no avail. Thanks for the assistance.
I don't think you can manually specify the key and include the IsolateApps option. It must be Autogenerate,IsolateApps or a specific value without the IsolateApps option.
See the MSDN documentation for details.
I believe what the issue is that IIS doesnt have access to your webconfig file.
Try this out, if it doesnt work take a look at the link below to see if you can try and error your issue.
1.Open control panel
2.Click on” program” link (not uninstall programs)
3.Click” turn windows features on/off” link
4.locate” Internet Information services IIS” in the pop up window and expand its node
5.Expand the” World Wide Web Service” node
6.Expand “Application Development Features” node
7.check the check box of”ASP.NET”
8.Then click ok button
Below is a very interesting link that would help you:
http://support.microsoft.com/kb/942055
Below is a link to a bug report that references Windows 2003 and .Net framework 3.5 and a web garden setup.
Nothing says that the problem is restricted to Win 2003 or even framework 3.5. In a web garden situation, one can imagine that the viewstate errors would happen VERY frequently, not just when the pool recycles (as we experienced).
http://connect.microsoft.com/VisualStudio/feedback/details/412881/net-3-5-installer-breaks-web-gardens-when-used-with-custom-application-pool-identity
To fix the metabase and registry permissions issues, we simply executed the following on our web server:
\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ga domain\useraccount
We then recycled the app pool one more time to regenerate the viewstate validation key.
Whether or not this works in your situation will depend on specific details of your situation.

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster

I've read countless posts on this topic, and tried several solutions but I'm still seeing this error. I'm running iis6, .NET 2.0 on a single server. When clicking a link on my form, and new page is opened that allows the user to enter a bunch of data (it's an order form). When clicking save, I see this error:
"Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."
I've verified that the page has finished loading before clicking the save button.
I've tried:
adding enableViewStateMac="false" to the Page directive
adding this to the web.config <machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
validation="SHA1"/>
adding viewStateEncryptionMode="Never"in the page tag in the web.config
adding enableEventValidation="false" in the page tag in the web.config (which I'm not sure I should do)
adding renderAllHiddenFieldsAtTopOfForm="false" in the page tag in the web.config
And I've checked for coding errors, but everything is working fine locally. Does anyone have another suggestions? Thanks

How do you modify the web.config appSettings at runtime?

I am confused on how to modify the web.config appSettings values at runtime. For example, I have this appSettings section:
<appSettings>
<add key="productspagedesc" value="TODO: Edit this default message" />
<add key="servicespagedesc" value="TODO: Edit this default message" />
<add key="contactspagedesc" value="TODO: Edit this default message" />
<add key="aboutpagedesc" value="TODO: Edit this default message" />
<add key="homepagedesc" value="TODO: Edit this default message" />
</appSettings>
Let's say, I want to modify the "homepagedesc" key at runtime. I tried ConfigurationManager and WebConfigurationManager static classes, but the settings are "read-only". How do I modify appSettings values at runtime?
UPDATE:
Ok, so here I am 5 years later. I would like to point out that experience has told me, we should not put any configuration that intentionally is editable at runtime in the web.config file but instead we should put it in a separate XML file as what one of the users commented below. This will not require any of edit of web.config file to restart the App which will result with angry users calling you.
You need to use WebConfigurationManager.OpenWebConfiguration():
For Example:
Dim myConfiguration As Configuration = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("~")
myConfiguration.ConnectionStrings.ConnectionStrings("myDatabaseName").ConnectionString = txtConnectionString.Text
myConfiguration.AppSettings.Settings.Item("myKey").Value = txtmyKey.Text
myConfiguration.Save()
I think you might also need to set AllowLocation in machine.config. This is a boolean value that indicates whether individual pages can be configured using the element. If the "allowLocation" is false, it cannot be configured in individual elements.
Finally, it makes a difference if you run your application in IIS and run your test sample from Visual Studio. The ASP.NET process identity is the IIS account, ASPNET or NETWORK SERVICES (depending on IIS version).
Might need to grant ASPNET or NETWORK SERVICES Modify access on the folder where web.config resides.
Changing the web.config generally causes an application restart.
If you really need your application to edit its own settings, then you should consider a different approach such as databasing the settings or creating an xml file with the editable settings.
And if you want to avoid the restart of the application, you can move out the appSettings section:
<appSettings configSource="Config\appSettings.config"/>
to a separate file. And in combination with ConfigurationSaveMode.Minimal
var config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("~");
config.Save(ConfigurationSaveMode.Minimal);
you can continue to use the appSettings section as the store for various settings without causing application restarts and without the need to use a file with a different format than the normal appSettings section.
2012
This is a better solution for this scenario (tested With Visual Studio 2008):
Configuration config = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);
config.AppSettings.Settings.Remove("MyVariable");
config.AppSettings.Settings.Add("MyVariable", "MyValue");
config.Save();
Update 2018 =>
Tested in vs 2015 - Asp.net MVC5
var config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("~");
config.AppSettings.Settings["MyVariable"].Value = "MyValue";
config.Save();
if u need to checking element exist, use this code:
var config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("~");
if (config.AppSettings.Settings["MyVariable"] != null)
{
config.AppSettings.Settings["MyVariable"].Value = "MyValue";
}
else { config.AppSettings.Settings.Add("MyVariable", "MyValue"); }
config.Save();
I know this question is old, but I wanted to post an answer based on the current state of affairs in the ASP.NET\IIS world combined with my real world experience.
I recently spearheaded a project at my company where I wanted to consolidate and manage all of the appSettings & connectionStrings settings in our web.config files in one central place. I wanted to pursue an approach where our config settings were stored in ZooKeeper due to that projects maturity & stability. Not to mention that fact that ZooKeeper is by design a configuration & cluster managing application.
The project goals were very simple;
get ASP.NET to communicate with ZooKeeper
in Global.asax, Application_Start - pull web.config settings from ZooKeeper.
Upon getting passed the technical piece of getting ASP.NET to talk to ZooKeeper, I quickly found and hit a wall with the following code;
ConfigurationManager.AppSettings.Add(key_name, data_value)
That statement made the most logical sense since I wanted to ADD new settings to the appSettings collection. However, as the original poster (and many others) mentioned, this code call returns an Error stating that the collection is Read-Only.
After doing a bit of research and seeing all the different crazy ways people worked around this problem, I was very discouraged. Instead of giving up or settling for what appeared to be a less than ideal scenario, I decided to dig in and see if I was missing something.
With a little trial and error, I found the following code would do exactly what I wanted;
ConfigurationManager.AppSettings.Set(key_name, data_value)
Using this line of code, I am now able to load all 85 appSettings keys from ZooKeeper in my Application_Start.
In regards to general statements about changes to web.config triggering IIS recycles, I edited the following appPool settings to monitor the situation behind the scenes;
appPool-->Advanced Settings-->Recycling-->Disable Recycling for Configuration Changes = False
appPool-->Advanced Settings-->Recycling-->Generate Recycle Event Log Entry-->[For Each Setting] = True
With that combination of settings, if this process were to cause an appPool recycle, an Event Log entry should have be recorded, which it was not.
This leads me to conclude that it is possible, and indeed safe, to load an applications settings from a centralized storage medium.
I should mention that I am using IIS7.5 on Windows 7. The code will be getting deployed to IIS8 on Win2012. Should anything regarding this answer change, I will update this answer accordingly.
Who likes directly to the point,
In your Config
<appSettings>
<add key="Conf_id" value="71" />
</appSettings>
in your code(c#)
///SET
ConfigurationManager.AppSettings.Set("Conf_id", "whateveryourvalue");
///GET
string conf = ConfigurationManager.AppSettings.Get("Conf_id").ToString();
Try This:
using System;
using System.Configuration;
using System.Web.Configuration;
namespace SampleApplication.WebConfig
{
public partial class webConfigFile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//Helps to open the Root level web.config file.
Configuration webConfigApp = WebConfigurationManager.OpenWebConfiguration("~");
//Modifying the AppKey from AppValue to AppValue1
webConfigApp.AppSettings.Settings["ConnectionString"].Value = "ConnectionString";
//Save the Modified settings of AppSettings.
webConfigApp.Save();
}
}
}

Resources