Asp net Validation of viewstate MAC failed

Question

I am receiving the following error at certain times on asp net website    Sys WebForms PageRequestManagerServerErrorException    Validation of viewstate MAC failed    If this application is hosted by a Web Farm or cluster   ensure that  lt machineKey gt  configuration specifies the   same validationKey and validation algorithm    AutoGenerate cannot be used in a cluster    When page refresh goes no problem How can I solve this problem

User · Answer

Microsoft says to never use a key generator web site.

Like everyone else here, I added this to my web.config.

<System.Web>
    <machineKey decryptionKey="ABC123...SUPERLONGKEY...5432JFEI242" 
                validationKey="XYZ234...SUPERLONGVALIDATIONKEY...FDA" 
                validation="SHA1" />
</system.web>

However, I used IIS as my machineKey generator like so:

Open IIS and select a website to get this screen:

Double click the Machine Key icon to get this screen:

Click the "Generate Keys" link on the right which I outlined in the pic above.

Notes:

If you select the "Generate a unique key for each application" checkbox, ",IsolateApps" will be added to the end of your keys. I had to remove these to get the app to work. Obviously, they're not part of the key.
SHA1 was the default encryption method selected by IIS and if you change it, don't forget to change the validation property on machineKey in the web.config. However, encryption methods and algorithms evolve so please feel free to edit this post with the updated preferred Encryption method or mention it in the notes and I'll update.

User · Answer

On multi-server environment  this error likely occurs when session expires and another instance of an application is resorted with same session id and machine key but on a different server  At first  each server produce its own machine key which later is associated with a single instance of an application  When session expires and current server is busy  the application is redirected like  via load balancer to a more operational server  In my case I run same app from multiple servers  the error message       Validation of viewstate MAC failed  If this application is hosted by a   Web Farm or cluster  ensure that  configuration specifies   the same validationKey and validation algorithm   Defining the machine code under  in web config have solve the problem  But instead of using 3rd party sites for code generation which might be corrupted  please run this from your command shell  Based on microsoft solution 1a  https   support microsoft com en-us kb 2915218 AppendixA    Generates a  lt machineKey gt  element that can be copied   pasted into a Web config file  function Generate-MachineKey      CmdletBinding      param        ValidateSet  AES    DES    3DES         string  decryptionAlgorithm    AES        ValidateSet  MD5    SHA1    HMACSHA256    HMACSHA384    HMACSHA512         string  validationAlgorithm    HMACSHA256        process       function BinaryToHex            CmdLetBinding            param  bytes          process                builder   new-object System Text StringBuilder             foreach   b in  bytes                   builder    builder AppendFormat  System Globalization CultureInfo   InvariantCulture    0 X2     b                             builder                     switch   decryptionAlgorithm           AES     decryptionObject   new-object System Security Cryptography AesCryptoServiceProvider          DES     decryptionObject   new-object System Security Cryptography DESCryptoServiceProvider          3DES     decryptionObject   new-object System Security Cryptography TripleDESCryptoServiceProvider              decryptionObject GenerateKey        decryptionKey   BinaryToHex  decryptionObject Key       decryptionObject Dispose       switch   validationAlgorithm           MD5     validationObject   new-object System Security Cryptography HMACMD5          SHA1     validationObject   new-object System Security Cryptography HMACSHA1          HMACSHA256     validationObject   new-object System Security Cryptography HMACSHA256          HMACSHA385     validationObject   new-object System Security Cryptography HMACSHA384          HMACSHA512     validationObject   new-object System Security Cryptography HMACSHA512              validationKey   BinaryToHex  validationObject Key       validationObject Dispose        string   Format  System Globalization CultureInfo   InvariantCulture          lt machineKey decryption    0    decryptionKey    1    validation    2    validationKey    3      gt           decryptionAlgorithm ToUpperInvariant     decryptionKey         validationAlgorithm ToUpperInvariant     validationKey          Then   For ASP NET 4 0  Generate-MachineKey   Your key will look like   lt machineKey decryption  AES  decryptionKey       validation  HMACSHA256  validationKey         gt   For ASP NET 2 0 and 3 5  Generate-MachineKey -validation sha1   Your key will look like   lt machineKey decryption  AES  decryptionKey       validation  SHA1  validationKey         gt

User · Answer

WHAT DID WORK FOR ME    Search the web for  MachineKey generator   Go to one of the sites found and generate the Machine Key  that will look like     the numbers are bigger     MachineKey validationKey  0EF6C03C11FC   63EAE6A00F0B6B35DD4B       decryptionKey  2F5E2FD80991C629   3ACA674CD3B5F068  validation  SHA1  decryption  AES     Copy and paste into the  lt system web gt  section in the web config file    If you want to follow the path I did       https   support microsoft com en-us kb 2915218 AppendixA Resolving view state message authentication code  MAC  errors Resolution 3b  Use an explicit  lt machineKey gt  By adding an explicit  lt machineKey gt  element to the application s Web config file  the developer tells ASP NET not to use the auto-generated cryptographic key  See Appendix A for instructions on how to generate a  lt machineKey gt  element     http   blogs msdn com b amb archive 2012 07 31 easiest-way-to-generate-machinekey aspx Easiest way to generate MachineKey - Ahmet Mithat Bostanci - 31 Jul 2012  You can search in Bing for  MachineKey generator  and use an online service  Honestly       http   www blackbeltcoder com Resources MachineKey aspx

User · Answer

There are another scenario which was happening for my customers  This was happening normally in certain time because of shift changes and users needed to login with different user   Here is a scenario which Anti forgery system protects system by generation this error    1- Once close open your browser  2- Go to your website and login with  User A  3- Open new Tab in browser and enter the same address site   You can see your site Home page without any authentication  4- Logout from your site and Login with another User User B  in second tab  5- Now go back to the first Tab which you logged in by  User A   You can still see the page but any action in this tab will make the error      Because your cookie is already updated by  User B  and you are trying to send a request by an invalid user   User A

User · Answer

I had this same issue and it was due to a Gridview  generated from a vb code  on the page which had sorting enabled   Disabling Sort fixed my issue   I do not have this problem with the gridviews created using a SQLdatasource

User · Answer

I had this problem  and for me the answer was different than the other answers to this question   I have an application with a lot of customers  I catch all error in the application error in global asax and I send myself an email with the error detail  After I published a new version of my apps  I began receiving a lot of Validation of viewstate MAC failed error message    After a day of searching I realized that I have a timer in my apps  that refresh an update panel every minute  So when I published a new version of my apps  and some customer have left her computer open on my website  I receive an error message every time that the timer refresh because the actual viewstate does not match with the new one  I received this message until all customers closed the website or refresh their browser to get the new version   I m sorry for my English  and I know that my case is very specific  but if it can help someone to save a day  I think that it is a good thing

User · Answer

If you re using a web farm and running the same application on multiple computers  you need to define the machine key explicitly in the machine config file    lt machineKey validationKey  JFDSGOIEURTJKTREKOIRUWTKLRJTKUROIUFLKSIOSUGOIFDS     decryptionKey  KAJDFOIAUOILKER534095U43098435H43OI5098479854  validation  SHA1    gt    Put it under the  lt system web gt  tag   The AutoGenerate for the machine code can not be used  To generate your own machineKey see this powershell script  https   support microsoft com en-us kb 2915218 bookmark-appendixa

User · Answer

my problem was this piece of javascript code     input   each function ele  indx       this value   this value toUpperCase          Turns it was messing with viewstate hidden field so I changed it to below code and it worked     input visible   each function ele  indx       this value   this value toUpperCase

User · Answer

I ve experienced the same issue on our project  This Microsoft support web page helped me to find the cause  And this solution helped to sort out the issue    In my case the issue was around ViewStateUserKey as Page ViewStateUserKey property had an incorrect value  Caused 4 in here   Deleting localhost certificates and recreating them by repairing IIS Expres as mentioned in here fixed the issue

User · Answer

Validation of viewstate MAC failed  If this application is hosted by a web farm or cluster  ensure that  lt machineKey gt  configuration specifies the same validationKey and validation algorithm  AutoGenerate cannot be used in a cluster   Answer     x000D   x000D   lt machineKey  decryptionKey  2CC8E5C3B1812451A707FBAAAEAC9052E05AE1B858993660  validation  HMACSHA256  decryption  AES  validationKey  CB8860CE588A62A2CF9B0B2F48D2C8C31A6A40F0517268CEBCA431A3177B08FC53D818B82DEDCF015A71A0C4B817EA8FDCA2B3BDD091D89F2EDDFB3C06C0CB32    gt  x000D   x000D   x000D

User · Answer

Dear All with all respict to answers up there there are case gives this error  when web config value is   lt httpCookies httpOnlyCookies  true  requireSSL  true   gt    and link is http not https

User · Answer

I am not sure how this happened but I started to get this error in my internal submit form pages  So when ever I submit something I m getting this error  But the problem is this website is almost working 5-6 years  I don t remember I made an important change   None of the solutions worked for me   I have setup a machine key with the Microsoft script and copied into my web config  I have executed asp net regiis script   aspnet regiis -ga  IIS APPPOOL My App Pool    Also tried to add this code into the page   enableViewStateMac  false    still no luck   Any other idea to solve this issue   UPDATE   Finally I solved the issue  I had integrated my angular 4 component into my asp net website  So I had added base href into my master page  So I removed that code and it is working fine now    lt base href       gt

User · Answer

I have faced the similar issue on my website hosted on IIS  This issue generally because of IIS Application pool settings  As application pool recycle after some time that caused the issue for me    Following steps help me to fix the issue    Open App pool of you website on IIS  Go to Advance settings on right hand pane  Scroll down to Process Model Change Idle Time-out minutes to 20 or number of minutes you don t want to recycle your App pool      Then try again   It will solve your issue

User · Answer

This error message is normally displayed after you have published your website to the server   The main problem lies in the Application Pool you use for your website    Configure your website to use the proper  NET Framework version  i e  v4 0  under the General section of the Application Pool related to your website    Under the Process Model  set the Identity value to Network Service    Close the dialog box and right-click your website and select Advanced Settings    from the Manage Website option of the content menu  In the dialog box  under General section  make sure you have selected the proper name of the Application Pool to be used   Your website should now run without any problem   Hope this helps you overcome this error

User · Answer

This solution worked for me in ASP NET 4 5 using a Web Forms site   Use the following site to generate a Machine Key  http   www blackbeltcoder com Resources MachineKey aspx Copy Full Machine Key Code  Go To your Web Config File  Paste the Machine Key in the following code section        lt configuration gt         lt system web gt           lt machineKey       gt         lt  system web gt       lt  configuration gt    You should not see the viewstate Mac failed error anymore  Each website in the same app pool should have a separate machine key otherwise this error will continue

User · Answer

lt system web gt   lt pages validateRequest  false  enableEventValidation  false  viewStateEncryptionMode   Never    gt   lt  system web gt

[asp.net] Asp.net Validation of viewstate MAC failed

Examples related to asp.net

Examples related to viewstate

Examples related to machinekey