473,224 Members | 1,404 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,224 software developers and data experts.

validation of viewstate MAC failed

I'm getting the much-hated "validation of viewstate MAC failed" error. This
is on an ASP.Net 2.0 app running in IIS with IE 6+ as the browser.

The full error text is:
Validation of viewstate MAC failed. If this application is hosted by a Web
Farm or cluster, ensure that <machineKeyconfiguration specifies the same
validationKey and validation algorithm. AutoGenerate cannot be used in a
cluster.

The app *is not* running in a cluster or web farm.

I put the following line in the web.config files for the relevant apps:

<pages validateRequest="false" enableEventValidation="false"
viewStateEncryptionMode ="Never" />

This helped, but did not completely solve, the problem. What I see now is
that, even with this fix in place, if a user leaves a browser session idle
for a while (more than 20 minutes?) the viewstate error will return.

Is this error related to something that is timing out (session lifetime,
security credential, etc)? What should I look for next?

This bug is very annoying to our end users.

Thanks!

Russell Lane


Oct 16 '06 #1
5 14018
if you want the viewstate encrytion key to survive appdomain recycles, set
the validation key in the config.

-- bruce (sqlwork.com)
"russell.lane" <ru**********@nospam.nospamwrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
I'm getting the much-hated "validation of viewstate MAC failed" error.
This is on an ASP.Net 2.0 app running in IIS with IE 6+ as the browser.

The full error text is:
Validation of viewstate MAC failed. If this application is hosted by a Web
Farm or cluster, ensure that <machineKeyconfiguration specifies the same
validationKey and validation algorithm. AutoGenerate cannot be used in a
cluster.

The app *is not* running in a cluster or web farm.

I put the following line in the web.config files for the relevant apps:

<pages validateRequest="false" enableEventValidation="false"
viewStateEncryptionMode ="Never" />

This helped, but did not completely solve, the problem. What I see now is
that, even with this fix in place, if a user leaves a browser session idle
for a while (more than 20 minutes?) the viewstate error will return.

Is this error related to something that is timing out (session lifetime,
security credential, etc)? What should I look for next?

This bug is very annoying to our end users.

Thanks!

Russell Lane


Oct 16 '06 #2
Bruce -

Many thanks for the reply. Can you expand on this a bit?

What are appdomain recycles? What prompts them?
How do I set the validation key in the config?

Thanks -

"bruce barker (sqlwork.com)" <b_*************************@sqlwork.comwrote
in message news:eJ**************@TK2MSFTNGP04.phx.gbl...
if you want the viewstate encrytion key to survive appdomain recycles, set
the validation key in the config.

-- bruce (sqlwork.com)
"russell.lane" <ru**********@nospam.nospamwrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
>I'm getting the much-hated "validation of viewstate MAC failed" error.
This is on an ASP.Net 2.0 app running in IIS with IE 6+ as the browser.

The full error text is:
Validation of viewstate MAC failed. If this application is hosted by a
Web Farm or cluster, ensure that <machineKeyconfiguration specifies the
same validationKey and validation algorithm. AutoGenerate cannot be used
in a cluster.

The app *is not* running in a cluster or web farm.

I put the following line in the web.config files for the relevant apps:

<pages validateRequest="false" enableEventValidation="false"
viewStateEncryptionMode ="Never" />

This helped, but did not completely solve, the problem. What I see now
is that, even with this fix in place, if a user leaves a browser session
idle for a while (more than 20 minutes?) the viewstate error will return.

Is this error related to something that is timing out (session lifetime,
security credential, etc)? What should I look for next?

This bug is very annoying to our end users.

Thanks!

Russell Lane



Oct 16 '06 #3
Hello Russell,

Yes, I think Bruce's explanation and suggestion is reasonable.

The reason you'll get such error when you postback a page that has been
idle at client for a long period is as below:

ASP.NET will


#How To: Configure MachineKey in ASP.NET 2.0

Oct 17 '06 #4
Sorry for the previous corrupted reply.
======================================

Hello Russell,

Yes, I think Bruce's explanation and suggestion is reasonable.

The reason you'll get such error when you postback a page that has been
idle at client for a long period is as below:

ASP.NET web page use ViewState to store some persisted states and info of
webcontrols on the page. And this is stored in a <input name="__VIEWSTATE"
..../ html hidden element. And since this data is sensitive, ASP.NET by
default enable the ViewStateMac for every page. This ViewStateMAC is like a
simple digest&signatuer of the ViewState append in the Viewstate and
whenever postback, the ASP.NET runtime will verify the viewstate(with the
digest signature) to see whether it is tampered or not.

The digest&signature of Viewstate is generated based on a validationkey,
this key is bydefault autogenerated and will vary between different
applications or before and after application restart. Therefore, when the
user request a page and let it idle at client-side for a long period, if
the web application at server-side has restart(appdomain recycle or process
recycle), the validationkey(used to generate viewstate MAC) will be
changed, thus, if you postback with the old viewstate & MAC, the
server-side runtime will fail to verify it and report ViewState validation
error. You will also encounter such problem when you visit a page from
google's cache image(with invalid viewsate content it it).

Bruce's suggestion is that you can manually specify the validation key in
the machine.config or application's web.config so that the ASP.NET runtime
will always use the fixed key to generate the ViewState MAC(no matter the
application has restarted or not). And in webfarm environment you can event
make different applications on different server use the same key.

Here is a good article detailedly describe how to generate a custom Key and
specify it in the web.config file:
#How To: Configure MachineKey in ASP.NET 2.0
http://msdn.microsoft.com/library/en...7.asp?frame=tr
ue
Hope this help clarify some. If you have anything unclear, please feel free
to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
Oct 17 '06 #5
Hello Russell,

Have you got any further ideas on this issue or does the information in my
last reply helps some?

Please feel free to post here if there is anything else we can help

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.


Oct 19 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Sergej Grickov | last post by:
Hello, all! I started to develop my application with ASP.Net 2.0 and got the strange behavior with pages, where user change any form control (i.e. checkbox, button, etc.). Ex.: when I clicked...
1
by: Dhruba Bandopadhyay | last post by:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm....
2
by: Jeremy Chapman | last post by:
This is odd behavior. In my aspnet 2.0 app (basic app, nothing out of the ordinary here), if I am using my iPAQ handheld device and I hit the refresh button on my page, I get an error "Validation...
6
by: sck10 | last post by:
Hello, I have applications that produce the following error when they have been open to long without activity. Is there any way to force a re-load of the page or go to another page if the page...
6
by: Gibble | last post by:
We have been receiving 100s of this error: ---------- Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKeyconfiguration specifies...
5
by: SpaceMarine | last post by:
hello, when my page attempts a Telerik RadGrid row insert (AJAX enabled) my page throws this exception: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or...
3
by: sck10 | last post by:
Hello, I have a web project (VS 2008 c#). I have a page that opens, but when I try to call an assembly (managed c++) on a submit event, I get the following error on the web server, but not on...
1
by: daveh551 | last post by:
Okay, I've googled this, and come up with several articles, but none of them seem to apply to my site. I have an eCommerce site with a product category tree in the left navigation bar. The tree...
0
by: skozyk | last post by:
I kept getting the following error: "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.