I am using MachineKey API to encrypt/decrypt a piece of information in an ASP.NET application. I am using

MachineKey.Encode(data, MachineKeyProtection.All)

and

MachineKey.Decode(data, MachineKeyProtection.All)

methods of API. Everything works great on Windows 8 and Windows Server 2012 when Load User Profile is enabled. The problem is for some reason it doesn't survive app pool restart on Windows Server 2008 R2 with IIS 7.5.

Initially I had impression that I will need to enable Load User Profile setting on Application Pool but that doesn't make any difference. Any idea what I could be missing here?

Thanks

It could be that a new machine key is being generated by IIS each time the Application Pool recycles. Try setting a static machine key in your web.config as described here: IIS 7 Tip #10 You can generate machine keys from the IIS manager. Without explicitly setting a static machine key, your encryption/decryption key is a moving target.

@pstricker is right, if there's no machine key defined, then on app pool startup a new key is generated. MachineKey API is based on the machine key, so it needs to be set somewhere. If you don't want to set the machineKey in the application's web config, you can still do it in the server's machine config, here: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config"

Also, if you want a per app pool machine key, you can do what's described here.