C# – Validation of viewstate MAC failed

asp.netc

Running the ASP.NET webforms run the application works fine. When the application is idle for 4 to 5 minutes, it is giving this error:

Validation of viewstate MAC failed. If
this application is hosted by a Web
Farm or cluster, ensure that
configuration specifies
the same validationKey and validation
algorithm. AutoGenerate cannot be used
in a cluster.

How can this be solved?

Best Answer

This free online tool: http://aspnetresources.com/tools/machineKey generates a machineKey element under the system.web element in the web.config file. Here is an example of what it generates:

<machineKey validationKey="1619AB2FDEE6B943AD5D31DD68B7EBDAB32682A5891481D9403A6A55C4F91A340131CB4F4AD26A686DF5911A6C05CAC89307663656B62BE304EA66605156E9B5" decryptionKey="C9D165260E6A697B2993D45E05BD64386445DE01031B790A60F229F6A2656ECF" validation="SHA1" decryption="AES" />

Once you see this in your web.config, the error itself suddenly makes sense. The error you are getting says

"ensure that configuration specifies the same validationKey and validation algorithm".

When you look at this machineKey element, suddenly you can see what it is talking about.

Modifying the pages element under the system.web element may not be necessary with this in place. This avoids the security problems associated with those attributes.

By "hard coding" this value in your web.config, the key that asp.net uses to serialize and deserialize your viewstate stays the same, no matter which server in a server farm picks it up. Your encryption becomes "portable", thus your viewstate becomes "portable".

I'm just guessing also that maybe the very same server (not in a farm) has this problem if for any reason it "forgets" the key it had, due to a reset on any level that wipes it out. That is perhaps why you see this error after an idle period and you try to use a "stale" page.

Related Solutions

Javascript – Validation of viewstate MAC failed. while submitting a form using javascript

You are getting the error because your viewstate times out, a security feature. I wouldn't play around with the machine key, have you set the enableViewStateMac="False" right on your .aspx page?

C# – Validation of viewstate MAC failed -View State Error

Although it's an old question, I will answer anyway because it might help someone else. So I had this problem in the past few days, and I realized that I started getting this error after I configured my cookies as HttpOnly and Require SSL:

  </system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>

Turns out that I just forgot to configure Visual Studio to open the SSL URL of my website. So as long as it opened the regular Url, the cookies couldn't be sent, and that what caused the error.

In order to change the default Url, you simply need to figure out what is your SSL url: Click the project on solution explorer and press F4 (not Right Click -> Properties) and over there you'll see SLL URL under the the Development Server section. After that, go to the project properties page (Right Click -> Properties) and in the Web tab, put the SSL Url as the Project Url.

Best Answer

Related Solutions

Javascript – Validation of viewstate MAC failed. while submitting a form using javascript

C# – Validation of viewstate MAC failed -View State Error

Related Topic