ASP.NET Machine Key

Detects ASP.NET Machine Key patterns in configuration files. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: structurally constrained pattern matching hexadecimal key values in ASP.NET machineKey configuration with corroborative keyword support reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Partial

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?i)(?:validationKey|decryptionKey)\s*=\s*"?[0-9A-Fa-f]{32,128}"?

Corroborative evidence keywords

machineKey, validationKey, decryptionKey, web.config, ASP.NET, machine key, encryption, validation, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie (+45 more)

Proximity: 300 characters

Should match

• validationKey="AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFF0000000011111111" — Standard ASP.NET validation key in hex
• decryptionKey="00112233445566778899AABBCCDDEEFF" — ASP.NET decryption key in hex (32 chars)
• validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" — Full-length 128-char validation key

Should not match

• validationKey="AutoGenerate" — Auto-generated key placeholder, not an actual key
• validationKey="short" — Too short to be a valid hexadecimal key
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Documentation and code samples containing example machineKey configurations with placeholder hex values. Mitigation: Check for common placeholder patterns and documentation file types to reduce false positives from technical writing.
• Test configuration files with intentionally weak or example machine keys. Mitigation: Combine with corroborative evidence keywords to confirm the key appears in a production context.

References

• ASP.NET machine key entity definition - Microsoft Learn