Skip to main content

How to fix "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster" ?


Reason of this error:
View state data that is transferred between the client and the server is always validated to ensure that the ViewState data is not tampered. As the ViewState data is encrypted and decrypted, a unique key is used to encrypt/decrypt this data. When the application is hosted on a single machine, then there is no issue as the key will always be same for both encryption and decryption process. But this will not be the case in web farm because this key value will be different across the servers.
How to fix:
There are three solutions to fix this issue:
First solution is to set the EnableViewStateMac to false in the web.config: EnableViewStateMac is the attribute of the Page tag that comes under the <system.web>. It will look like:
<system.web>
<pages enableViewStateMac="false">
.
.
.
</pages>
</system.web>
Second solution is to set the EnableViewStateMac to false at page level as:
<%@ Page EnableViewStateMac="false" Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
But we need to do this for all pages across the application. So it becomes very time consuming job if we have to implement it on large application having many pages.
Third and recommended solution is to specify our own value for encryption and decryption in the web.config file. We can generate the machine key via the Unique Machine KeyGenerator. The generated key will be the same across all the servers. Below is the sample keys.
<system.web>
<machineKey validationKey='D3A686722DDE36968147312E2D0EF0F61AC13C1725723317ABE201CE98EF3876E962748E28307308BBA1B4C9E670D52822C8B19E35657725C798FA51E6641F0C' decryptionKey='85C571FEEBFAF94517FAAC3136A29CAAA800033B909EDB52' validation='SHA1'/>
</system.web>
Note: Generate your own keys and replace the validationKey and decryptionKey with your own unique generated keys.
All the three solutions will fix the issue, but it is always recommended to go with specifying the custom key for encryption and decryption in web.config. This is because when we set the EnableViewStateMac value to false we expose our application to security threats. This is because validation of view state will not happen in this case.
Labels:

Comments

Post a Comment

Popular posts from this blog

Top 10 ASP.NET Web API Interview Questions

What is ASP.NET Web API? ASP.NET Web API is a framework that simplifies building HTTP services for broader range of clients (including browsers as well as mobile devices) on top of .NET Framework. Using ASP.NET Web API, we can create non-SOAP based services like plain XML or JSON strings, etc. with many other advantages including: Create resource-oriented services using the full features of HTTP Exposing services to a variety of clients easily like browsers or mobile devices, etc. What are the Advantages of Using ASP.NET Web API? Using ASP.NET Web API has a number of advantages, but core of the advantages are: It works the HTTP way using standard HTTP verbs like  GET ,  POST ,  PUT ,  DELETE , etc. for all CRUD operations Complete support for routing Response generated in JSON or XML format using  MediaTypeFormatter It has the ability to be hosted in IIS as well as self-host outside of IIS Supports Model binding and Validation Support for OD...
2 comments
Read more

Extension methods in C#

Consider the class C# 1 2 3 4 5 6 7 8 9 10 11 12 13          namespace ExtensionMethod      {          public class testClass {              public string sayHello ( ) {              return "Hello" ;            }        }      }     Invoke the above from your form using C# 1 2 3 4 5 6          testClass test = new testClass ( ) ;      MessageBox . Show ( test . sayHello ( ) ) ;     This will show “Hello” in message box. Consider the scenario where you don...
5 comments
Read more

What is cookie? Advantages and disadvantages of cookies?

What is cookie? A cookie is a small piece of text file stored on user's computer in the form of name-value pair. Cookies are used by websites to keep track of visitors e.g. to keep user information like username etc. If any web application using cookies, Server send cookies and client browser will store it. The browser then returns the cookie to the server at the next time the page is requested. The most common example of using a cookie is to store User information, User preferences, Password Remember Option etc.It is also one of the common and mostly asked interview questions. Some facts about Cookie Here are a few facts to know about cookies: · Cookies are domain specific i.e. a domain cannot read or write to a cookie created by another domain. This is done by the browser for security purpose. · Cookies are browser specific. Each browser stores the cookies in a different location. The cookies are browser specific and so a cookie created in one browser(e.g in Google Chrome...
2 comments
Read more