ASP.NET Validation of viewstate MAC failed

Not knowing the specifics of your app, one way that this can happen is if the page is submitted before it is fully loaded. You can work around this by using JavaScript to prevent postbacks/submissions prior to the page being fully loaded. Also try to reduce the size of the page if possible. Disable the viewstate for any controls that don't use it.


It could be that IIS recycled your app and therefore you get new keys for the session/view state. To alleviate this, add a static machine key in the web.config.

Generate a key from http://www.eggheadcafe.com/articles/GenerateMachineKey/GenerateMachineKey.aspx

And place the keys in your web.config, for example as below:

<machineKey
  validationKey="56AB7132992003EE87F74AE4D9675D65EED8018D3528C0B8874905B51940DEAF6B85F1D922D19AB8F69781B2326A2F978A064708822FD8C54ED74CADF8592E17"
  decryptionKey="A69D80B92A16DFE1698DFE86D4CED630FA56D7C1661C8D05744449889B88E8DC"
  validation="SHA1"
  decryption="AES" />

The <machineKey> should be put inside the <system.web> section.


I think the problem is different keys across postbacks, so you need to generate new encryption keys.

From Code Project:

There are two keys that ASP.NET uses to encrypt, decrypt, and validate data in ViewState, Forms Authentication tickets, and out-of-process Session data. The decryptionKey is used for encryption and decryption of authentication tickets and encrypted ViewState information. The validationKey is used to validate ViewState and ensure it hasn't been tampered with, and generate unique application-specific session IDs for out-of-process session storage. You can run into problems if the key changes between postbacks.


Good articles on how to do this are here, here, here and here.

In general you need to take some issues into consideration when moving to the production environment.

A good article about this is here.
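
The key-change failure described in the answers above, as an added example that is not code from any of the posts or from ASP.NET itself. It is a simplified model, not the real ViewState format: the class and method names and the payload string are made up for illustration, and it assumes .NET Core 2.1 or later. It also prints a <machineKey> element built from key material generated locally, in the same sizes as the sample above.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model, NOT ASP.NET's real ViewState format: the token is
// payload + "." + Base64(HMAC-SHA1(validationKey, payload)).
static class ViewStateMacDemo
{
    // Random key as hex, the form the <machineKey> attributes take.
    static string NewHexKey(int byteCount)
    {
        var buf = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return BitConverter.ToString(buf).Replace("-", "");
    }

    static byte[] FromHex(string hex)
    {
        var bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        return bytes;
    }

    static byte[] Mac(string payload, string keyHex)
    {
        using (var hmac = new HMACSHA1(FromHex(keyHex)))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    static string Protect(string payload, string keyHex) =>
        payload + "." + Convert.ToBase64String(Mac(payload, keyHex));

    // Recompute the MAC with the key the server holds now; compare in constant time.
    static bool Validate(string token, string keyHex)
    {
        int dot = token.LastIndexOf('.');
        if (dot < 0) return false;
        byte[] sent;
        try { sent = Convert.FromBase64String(token.Substring(dot + 1)); }
        catch (FormatException) { return false; }
        return CryptographicOperations.FixedTimeEquals(sent, Mac(token.Substring(0, dot), keyHex));
    }

    static void Main()
    {
        string keyAtRender = NewHexKey(64), keyAfterRecycle = NewHexKey(64);
        string token = Protect("constructed-viewstate-payload", keyAtRender);
        Console.WriteLine("key unchanged:   " + Validate(token, keyAtRender));
        Console.WriteLine("key regenerated: " + Validate(token, keyAfterRecycle));
        Console.WriteLine("<machineKey validationKey=\"" + NewHexKey(64) + "\" decryptionKey=\"" + NewHexKey(32) + "\" validation=\"SHA1\" decryption=\"AES\" />");
    }
}
```

The first check passes and the second fails because the token rendered under one key is being verified under another, which is the condition a fixed key in web.config removes.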
