Have you ever come across a situation where your website which was working for the last couple of months gives a weird error "Unable to Validate Data". Yesterday, while working I found that my website which is already published in IIS throws this error. Initially I thought the error might be with my code, but I found that everything is good with the code. So I looked forward to internet and found that this error comes when the
viewstate of a page cannot be decrypted when the response is received from the client.
When I looked at where the error was occurring (Target Site) I found:
Unable to validate data at
System.Web.Configuration.MachineKey.GetDecodedData(Byte buf, Byte modifier,
Int32 start, Int32 length, Int32& dataLength) at
Actually the problem is with the
viewstate is actually decrypted in the server using a secret Machine key which resides on the server. The interesting thing is the key gets regenerated after a certain time. Therefore when the user returns the
viewstate, if the machine identified key is changed, the decryption of
viewstate fails and thus throws this nasty error.
The solution is simple. First of all, to solve the issue, I disabled the
ViewState for the current page by putting
EnableViewState = false. I even disabled this for the entire
viewstate for the website using Web.config. But still the error.
Finally I used "
EnableViewStateMac =false" in pages section. Voila, this cures the problem.
<pages buffer="true" enableViewStateMac="flase"/>
Just place the following between the system.web section and the site starts working.
Another solution that you might use as well is to place the machine key directly on your web.config, so that it always decrypts and encrypts using the static key values. To do this, you need to use the following:
You might use this site to Generate your validation key as well.
To get deep knowledge on what makes this happen, I found some insight from the Internet and read some articles of MSDN. Let us talk a little on that note.
Say you made a request for a page in the server. After you place the request the server processes it, encrypts the viewstate that the server receives using the encryption mentioned. Basically it uses the key mentioned in the
Machine.config to encrypt the
viewstate data. Finally it converts to Base64 and embeds into some hidden fields.
We can mention the machine key in
Web.config too so that it uses it for the current website. You might use the
AutoGenerate option too to enable/disable autogeneration of key during runtime.
Your comments are welcome.