But, I have turned that security off. There shouldn't be any validation on that. I also checked the pages. And, I can easily see that they are faster to be generated and smaller as the long encryption string is no longer part of it. So, why would .NET still be validating on that. This is what I don't understand.