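function New-MachineConfigMachineKeys {
    <#
    .SYNOPSIS
        Add new MachineKey nodes to machine.config
    .DESCRIPTION
        Loads machine.config through Read-MachineConfig, makes sure a machineKey
        element exists, fills in validationKey and decryptionKey when they are
        missing or empty, aligns the decryption attribute with $decryptionMethod,
        and saves the document only when something was changed.

        Existing key values are never overwritten; a warning asks the operator to
        confirm that they match across the app\web tier servers.
    .NOTES
        $decryptionMethod and $machineConfigPath are not defined in this function;
        presumably they are module- or script-scoped - confirm against the caller.

        The generated keys are secrets and are deliberately kept out of every
        output stream, so they do not end up in transcripts or deployment logs.
    #>
    [CmdletBinding()]
    Param()

    $logLead = Get-LogLeadName

    [XML]$machineConfig = Read-MachineConfig
    [System.Xml.XmlElement]$configRoot = $machineConfig.configuration
    $machineConfigIsDirty = $false

    # NOTE(review): a leading "//" makes both queries search the whole document,
    # not just the children of the context node, so the first match in document
    # order wins. Confirm that is intended if machine.config can carry
    # <location> overrides.
    $config = $configRoot.SelectSingleNode("//system.web")
    $machineKeyNode = $config.SelectSingleNode("//machineKey")

    if ($null -eq $machineKeyNode) {
        Write-Host "$logLead : Creating machineKey Node"
        $machineKeyNode = $machineConfig.CreateElement("machineKey")
        $config.AppendChild($machineKeyNode) | Out-Null
    }

    if ($null -eq $machineKeyNode.Attributes["validationKey"] -or [String]::IsNullOrEmpty($machineKeyNode.Attributes["validationKey"].Value)) {
        $newKey = Get-MachineKeyValidationKey
        # The key value is a secret: report the action, never the value.
        Write-Verbose "$logLead : Setting validationKey (value not logged)"
        $machineKeyNode.SetAttribute("validationKey", $newKey)
        $machineConfigIsDirty = $true
    } else {
        # Prefer the existing value if it exists to avoid modifying the machine.config unnecessarily
        Write-Warning "$logLead : A validation key is already set in the machine.config. Manually verify that the value is identical across the app\web tier servers"
    }

    if ($null -eq $machineKeyNode.Attributes["decryptionKey"] -or [String]::IsNullOrEmpty($machineKeyNode.Attributes["decryptionKey"].Value)) {
        $newKey = Get-MachineKeyDecryptionKey
        # The key value is a secret: report the action, never the value.
        Write-Verbose "$logLead : Setting decryptionKey (value not logged)"
        $machineKeyNode.SetAttribute("decryptionKey", $newKey)
        $machineConfigIsDirty = $true
    } else {
        # Prefer the existing value if it exists to avoid modifying the machine.config unnecessarily
        Write-Warning "$logLead : A decryptionKey key is already set in the machine.config. Manually verify that the value is identical across the app\web tier servers"
    }

    # Read the attribute through a null check so a machineKey node without a
    # "decryption" attribute (for example one created above) is handled the same
    # way with or without Set-StrictMode.
    $decryptionAttribute = $machineKeyNode.Attributes["decryption"]
    $currentDecryption = if ($null -ne $decryptionAttribute) { $decryptionAttribute.Value } else { $null }

    if ($currentDecryption -ne $decryptionMethod) {
        Write-Verbose ("$logLead : Setting decryption to {0}" -f $decryptionMethod)
        $machineKeyNode.SetAttribute("decryption", $decryptionMethod)
        $machineConfigIsDirty = $true
    }

    if ($machineConfigIsDirty) {
        Write-Host "$logLead : Saving Modified machine.config"
        $machineConfig.Save($machineConfigPath)
    } else {
        Write-Host "$logLead : No changes required to the machine.config"
    }
}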
# Alias that exposes New-MachineConfigMachineKeys under the name Create-MachineConfigMachineKeys.
Set-Alias -Name Create-MachineConfigMachineKeys -Value New-MachineConfigMachineKeys