ViewState MAC validation failure ("Validation of ViewState MAC failed")
An error was encountered while debugging Atlas today:
Validation of ViewState MAC failed. If this application is hosted by a web farm or cluster, ensure that the <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
The environment in which the error occurred:
ASP.NET 2.0, using the Atlas UpdatePanel, with user controls loaded dynamically inside the UpdatePanel to update the page dynamically. A GridView is used in one of the user controls. The error occurs when the page is switched dynamically.
Problem Analysis:
A search turned up the following articles:
http://aspadvice.com/blogs/joteke/archive/2006/02/02/15011.aspx
http://forums.asp.net/1173230/ShowPost.aspx
Analysis of these found the root of the problem. First, the article mentions that if you use a GridView and specify its DataKeyNames property, the GridView requires the view state to be encrypted for security reasons (the fields named in DataKeyNames represent the primary key of the data, and the primary key values have to be saved to the client in view state; if a user tampered with the primary key values, it could cause security problems). The page therefore automatically adds <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" /> just before the form's closing </form> tag.
However, Atlas requires the UpdatePanel to be placed inside <form></form>, i.e., before </form>. This means that the added hidden input is not inside the UpdatePanel, but sits between the UpdatePanel and </form>.
When the UpdatePanel is updated, only the controls inside the UpdatePanel are submitted to the server for processing (partial rendering); the entire page is not submitted. That is, the hidden input is not submitted along with them. The server therefore does not know that the submitted ViewState is encrypted, which results in a MAC validation error.
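The failure described above can be reproduced in a simplified model (an added example, not code from the original post or from ASP.NET itself; the keys, the XOR stand-in cipher and all function names are constructed for illustration). The server reads __VIEWSTATE as encrypted only when the flag field arrives with it, so a post that lacks the flag is checked as MAC-protected data and rejected.

```python
import hashlib
import hmac

VALIDATION_KEY = b"constructed-validation-key"   # constructed sample keys
DECRYPTION_KEY = b"constructed-decryption-key"
MAC_LEN = 20  # size of an HMAC-SHA1 tag in bytes


def _toy_cipher(data: bytes) -> bytes:
    """XOR with a hash-derived keystream: a stand-in for 3DES/AES, not secure."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(DECRYPTION_KEY + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def render_form(state: bytes, encrypted: bool) -> dict:
    """Hidden fields the page writes into the form, in rendering order."""
    if encrypted:
        # The flag field is rendered last, just before </form>.
        return {"__VIEWSTATE": _toy_cipher(state), "__VIEWSTATEENCRYPTED": b""}
    mac = hmac.new(VALIDATION_KEY, state, hashlib.sha1).digest()
    return {"__VIEWSTATE": state + mac}


def load_view_state(post: dict) -> bytes:
    """Server side: the flag field alone decides how __VIEWSTATE is read."""
    blob = post["__VIEWSTATE"]
    if "__VIEWSTATEENCRYPTED" in post:
        return _toy_cipher(blob)
    # No flag: treat the blob as state followed by its MAC and verify it.
    state, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(VALIDATION_KEY, state, hashlib.sha1).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("Validation of viewstate MAC failed")
    return state


def post_without_flag(form: dict) -> dict:
    """Model a post that was sent without the trailing hidden field."""
    return {k: v for k, v in form.items() if k != "__VIEWSTATEENCRYPTED"}
```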
Workaround:
Adding the following inside <system.web> in Web.config resolves the problem:
<pages enableEventValidation="false" viewStateEncryptionMode="Never" />
ASP.NET 2.0 and "Validation of ViewState MAC failed" exception
If you get this exception
[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.]
and you know *for sure* that you aren't using a web farm, it seems that it appears when using built-in databound controls such as GridView, DetailsView or FormView which utilize DataKeyNames. It appears if you have a large page which, for any reason, loads slowly.
If these preconditions are true and you click a postbacking control/link while the page hasn't loaded completely, you might get the "Validation of ViewState MAC failed" exception. In that case be sure to check the following post on the ASP.NET forums, where this has been discussed quite thoroughly: http://forums.asp.net/1173230/ShowPost.aspx
It appears because a GridView using DataKeyNames requires ViewState to be encrypted. And when ViewState is encrypted, the Page adds an <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" /> field just before the closing of the <form> tag. But with long-running pages this hidden field might not yet be rendered to the browser, and if you make a postback before it "gets down", the browser initiates the postback without this field (in the form post collection).
The end result is that if the field is omitted on postback, the Page doesn't "know" that ViewState is encrypted, which causes the aforementioned exception. That is, the Page expects to be fully loaded before you can make a postback. And by the way, there is a similar problem with event validation, since the __EVENTVALIDATION field is also rendered at the end of the form.
A way to overcome the problem is to set <pages enableEventValidation="false" viewStateEncryptionMode="Never" /> in Web.config. Just note the security implications of these!
By default, ASP.NET generates the machineKey randomly and uses it for validation:
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" />
  </system.web>
</configuration>
If you have two web servers, the validationKey and decryptionKey must be the same on both so that one server can validate ViewState issued by the other. You therefore have to generate the keys yourself, so that every server uses the same keys to handle ViewState and even cookies.
The following method can be used to generate the keys:
// Requires: using System.Security.Cryptography; using System.Text;
string validationKey = GetKey(30); // 20 to 64 bytes are allowed
string decryptionKey = GetKey(24); // 24 bytes (48 hex characters), as 3DES requires
protected string GetKey(int keyLen)
{
    // Fill the buffer from the cryptographic random number generator.
    byte[] bytes = new byte[keyLen];
    new RNGCryptoServiceProvider().GetBytes(bytes);
    // Hex-encode the key bytes for use in web.config.
    StringBuilder builder = new StringBuilder();
    for (int i = 0; i < bytes.Length; i++)
    {
        builder.Append(String.Format("{0:x2}", bytes[i]));
    }
    return builder.ToString();
}
You can add <machineKey> to the web.config of each web server site, as follows:
<configuration>
  <system.web>
    <machineKey validationKey="3ff1e929bc0534950b0920a7b59fa698bd02dfe8"
                decryptionKey="280450bb36319b474c996b506a95aedf9b51211b1d2b7a77"
                decryption="3DES" validation="SHA1" />
  </system.web>
</configuration>
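A review check for the <pages> workaround and the <machineKey> settings discussed above, as an added example that is not part of the original articles. The function name, finding texts and SAMPLE input are constructed; the only key values it knows are the two printed on this page, which must be treated as public and never deployed.

```python
import re
import xml.etree.ElementTree as ET

# Keys printed in public articles are known to everyone; these are the two sample values on this page.
PUBLISHED_KEYS = {
    "3ff1e929bc0534950b0920a7b59fa698bd02dfe8",
    "280450bb36319b474c996b506a95aedf9b51211b1d2b7a77",
}
HEX = re.compile(r"[0-9a-fA-F]+")

# Constructed sample input combining the workaround and the farm configuration shown on this page.
SAMPLE = """<configuration><system.web>
  <pages enableEventValidation="false" viewStateEncryptionMode="Never" />
  <machineKey validationKey="3ff1e929bc0534950b0920a7b59fa698bd02dfe8"
              decryptionKey="280450bb36319b474c996b506a95aedf9b51211b1d2b7a77"
              decryption="3DES" validation="SHA1" />
</system.web></configuration>"""


def audit_web_config(xml_text, web_farm=False):
    """Return findings for the <pages> and <machineKey> settings discussed on this page."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1].lower()  # drop any XML namespace
        a = {k.lower(): v.strip() for k, v in elem.attrib.items()}
        if tag == "pages":
            if a.get("enableeventvalidation", "true").lower() == "false":
                findings.append("pages: event validation disabled")
            if a.get("viewstateencryptionmode", "auto").lower() == "never":
                findings.append("pages: ViewState encryption disabled")
        elif tag == "machinekey":
            for name in ("validationKey", "decryptionKey"):
                key = a.get(name.lower(), "AutoGenerate")
                if key.lower().startswith("autogenerate"):
                    if web_farm:  # per-server random keys cannot validate each other's ViewState
                        findings.append(f"machineKey: {name} is auto-generated on a farm node")
                elif not HEX.fullmatch(key):
                    findings.append(f"machineKey: {name} is not hexadecimal")
                elif key.lower() in PUBLISHED_KEYS:
                    findings.append(f"machineKey: {name} is a publicly documented sample")
                elif name == "validationKey" and not 40 <= len(key) <= 128:
                    findings.append("machineKey: validationKey is not 40-128 hex characters")
                elif name == "decryptionKey" and a.get("decryption", "").lower() == "3des" and len(key) != 48:
                    findings.append("machineKey: 3DES decryptionKey is not 48 hex characters")
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE, web_farm=True):
        print(finding)
```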