Introduction: In this article I will explain the reason and
solution to fix to the error “Validation of viewstate MAC failed. If this
application is hosted by a Web Farm or cluster, ensure that configuration
specifies the same validationKey and validation algorithm. AutoGenerate cannot
be used in a cluster”.
In previous
article I explained the solution to errors like The files use a different language,which is not allowed since they need to be compiled together and Control 'GridView1' of type 'GridView' must be placed inside a form tag with runat=server and WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for 'jquery'. Please add a ScriptResourceMapping named jquery(case-sensitive)
Reason of this error:
View state data that is
transferred between the client and the server is always validated to ensure
that the ViewState data is not tampered. As the ViewState data is encrypted and
decrypted, a unique key is used to encrypt/decrypt this data. When the
application is hosted on a single machine, then there is no issue as the
key will always be same for both encryption and decryption process. But this
will not be the case in web farm because this key value will be
different across the servers.
How to fix:
There are three solutions
to fix this issue:
- First solution is to set the EnableViewStateMac to false in the web.config: EnableViewStateMac is the attribute of the Page tag that comes under the <system.web>. It will look like:
<system.web>
<pages enableViewStateMac="false">
.
.
.
</pages>
</system.web>
- Second solution is to set the EnableViewStateMac to false at page level as:
<%@ Page EnableViewStateMac="false"
Language="C#"
AutoEventWireup="true"
CodeFile="Default.aspx.cs"
Inherits="_Default"
%>
But we need to do this
for all pages across the application. So it becomes very time consuming
job if we have to implement it on large application having many pages.
- Third and recommended solution is to specify our own value for encryption and decryption in the web.config file. We can generate the machine key via the Unique Machine KeyGenerator. The generated key will be the same across all the servers. Below is the sample keys.
<system.web>
<machineKey validationKey='D3A686722DDE36968147312E2D0EF0F61AC13C1725723317ABE201CE98EF3876E962748E28307308BBA1B4C9E670D52822C8B19E35657725C798FA51E6641F0C' decryptionKey='85C571FEEBFAF94517FAAC3136A29CAAA800033B909EDB52' validation='SHA1'/>
</system.web>
Note: Generate your own
keys and replace the validationKey and decryptionKey with your own unique generated
keys.
All the three solutions
will fix the issue, but it is always recommended to go with specifying the
custom key for encryption and decryption in web.config. This is because when we
set the EnableViewStateMac value to false we expose our application to security threats. This is because validation of view
state will not happen in this case.
Now over to you:
" I hope you have fixed the error and
If you like my work; you can appreciate by leaving your comments, hitting
Facebook like button, following on Google+, Twitter, Linked in and Pinterest,
stumbling my posts on stumble upon and subscribing for receiving free updates
directly to your inbox . Stay tuned and stay connected for more technical
updates."
If you have any question about any post, Feel free to ask.You can simply drop a comment below post or contact via Contact Us form. Your feedback and suggestions will be highly appreciated. Also try to leave comments from your account not from the anonymous account so that i can respond to you easily..