Click here to Skip to main content
12,507,294 members (59,118 online)
Rate this:
 
Please Sign up or sign in to vote.
See more: ASP.NET
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that
Posted 24-Sep-12 8:28am
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 3

In the AppPool -> Advanced settings of the web site, ensure that you didn't modify the Maximum Worker Process to a value bigger than 1.

I made the modification hoping that my website with some traffic will be more responsive and started the have issues of session variables getting lost and reappearing later and the ViewState validatation failed message.

I have followed the different advices, the EnableViewStateMAC etc... without success until I remembered that I have increased this value a few days ago and that it should be the reason.

By putting it back to 1 which was the default, the situation came back to normal and my ViewStates are not invalid anymore nor my sessions lost.
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 4

Add this to your web.config file in the system.web section:

<machinekey validationkey="xxx" decryptionkey="xxx" validation="SHA1" decryption="AES" />

Provide your own validation and decryption keys ("xxx" above), which you can get generated from
here.

This fixed the problem for me.
  Permalink  
v2
Comments
Steve Yates 12-Oct-15 14:34pm
   
The [here] link is 404. Microsoft's site: https://support.microsoft.com/en-us/kb/2915218#bookmark-appendixa
Note their comment, "There are many web sites that will generate a < machinekey > element for you with the click of a button. Never use a < machinekey > element that you obtained from one of these sites."
To use, copy the PowerShell function into a script, add a line "Generate-MachineKey" at the bottom (they forgot to call the function) and run it.
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 5

One thing I have come across that causes this issue has to do with the recycling intervals of the app-pools on the webserver.

I found this by looking at the event information in Eventviewer/Application logs and the "Task Category" called "Web Event". Then for the time period that this event took place I looked to see if there were any recycled events that took place just before that (Eventviewer/System logs and the "Source" called "WAS".

By default an app-pool will recycle every 1740 minutes (29 hours). If this recycle happened while a user is busy on the site and send post back to the server, the server no longer recognizes the session/viewstate and rejects what is being posted back.

To overcome this from our perspective is to set the recycle event to happen at a specific time of the day when we don't expect activity on the site. In our case 3am in the morning.

Hope that helps someone out there.
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that machinekey configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster
As I found out, there was a
<base ..../>
tag in header part of my master page, that I added in last tie and before publishing. This tag specify a default URL and a default target for all links on a page. This was the main cause of the fault, this time.
I hope that it will help others too.
regards.
Ebrahimi
aebrs@yahoo.com
  Permalink  
v3
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

Refer to the following thread for a discussion about this issue:

http://forums.asp.net/t/955145.aspx[^]

You can fix this by setting the EnableViewStateMAC property to false. Refer to more information about EnableViewStateMAC in the link given below:

http://msdn.microsoft.com/en-us/library/system.web.ui.page.enableviewstatemac.aspx[^]
  Permalink  
Comments
Ashley77 6-May-14 21:16pm
   
The MSDN link you provided states "This attribute should never be set to false in a production Web site, even if the application or page does not use view state. The view state MAC helps ensure the security of other ASP.NET functions in addition to view state."

In short, if you disable ViewStateMAC you can no longer trust anything that is sent via POST, which includes all page controls including those that are not visible.
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 6

<machinekey validation="SHA1" validationkey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1B2C3D4E5" decryption="Auto" decryptionkey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1" />

Wrote this code in webconfg..it is working in vs2012 ultimate..
  Permalink  
Comments
sanket saxena 7-May-14 2:24am
   
very late man
Jamsheer Moideen 6-Feb-16 2:53am
   
I did this but got the following error
The configuration section 'machinekey' cannot be read because it is missing a section declaration.
Changed 'machinekey' to 'machineKey' solved the section declaration error.
still the previous error
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 7

None of the solutions worked for me mentioned above. At last I waisted a lot of time to dig out the issue.

Culprit was cookies. I tried to make the cookie secured which works where SSL is installed. But it will not work where SSL is not installed. So, whenever you want to create cookie and want to make it secure here is the right technique.


Dim responseCookie = New HttpCookie(AntiXsrfTokenKey)
   With responseCookie
     .HttpOnly = True
     .Value = _antiXsrfTokenValue
   End With
 
   If FormsAuthentication.RequireSSL AndAlso Request.IsSecureConnection Then
      responseCookie.Secure = True
   End If

This fixed the issue "Validation of viewstate MAC failed"
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 9

If none of above solutions work for you check the following solution:

if you use F5 and your session is sticky CHECK STICKY SESSION TIMEOUT. Your app session timeout and F5 sticky session timeout must be same and sticky session timeout must not less than app session timeout.

STICKY SESSION TIMEOUT works for me and I solved MAC FAILED problem.
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 10

Open Application Pool settings, Change 'Load User Profile' to true. This worked for me.
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 8

  Permalink  
Comments
Jarle Friestad 12-Jan-15 4:23am
   
Horrible way to fix it. You should set the validationkey and decryptionkey and not do this hack.

"This attribute should never be set to false in a production Web site, even if the application or page does not use view state. The view state MAC helps ensure the security of other ASP.NET functions in addition to view state."
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 11

just place the below code inside the configuration tag in web.config file

<system.web>
  <machineKey validationKey="52B3217F9A9F7B8CE24DEFBD3EDF2B698E37B2ADE33257FAD329A242C11579D0EEDDB67F94CCF27143DCA4BBF9667DDAE78EBEDDD9EABB7C7AB874B5EC443954" decryptionKey="8A3AD1DD400FF3A09F3F5CB27C0411D2E8C7792CE523FD7B" validation="SHA1"/>
</system.web>
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Mobile
Web02 | 2.8.160927.1 | Last Updated 6 Feb 2016
Copyright © CodeProject, 1999-2016
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100