In our log files I find the following exception. (ASP.NET, Sitecore 6.6). Any ideas why this happens?
I referred to this post. My app is not in a server farm. Also this does not happen with every postback.
7776 02:11:53 ERROR Application error.
Exception: System.Web.HttpException
Message: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Source: System.Web
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Nested Exception
Exception: System.Web.UI.ViewStateException
Message: Invalid viewstate.
Client IP: xxx.xxx.xxx.201
Port: <PORT>
Referer: <URL>
Path: /<PAGE>
User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
ViewState: /wEPDwUJMzY0OTY5Mjg5D2QWAgIFEGRkFgQCAw9kFgJmD2QWAmYPZBYCAg4PZBYCZg9kFgQCAw8PFgQeFUN1cnJlbnRTZWxlY3Rpb25WYWx1ZQUkMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwHhRDdXJyZW50U2VsZWN0aW9uVGV4dAUVQWxsIENhdGVnb3JpZXMgKDY5NTEpZBYCAgEPZBYCZg9kFgICAQ8UKwACDxYGHgRUZXh0BRVBbGwgQ2F0ZWdvcmllcyAoNjk1MSkeBF8hU0ICAh4IQ3NzQ2xhc3MFB1Rvb2xCYXJkEBYBZhYBFCsAAmRkDxYBZhYBBXdUZWxlcmlrLldlYi5VSS5SYWRDb21ib0JveEl0ZW0sIFRlbGVyaWsuV2ViLlVJLCBWZXJzaW9uPTIwMTIuMi42MDcuMzUsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MTIxZmFlNzgxNjViYTNkNBYCAgIPFCsAAWQWAgIBDxQrAAIUKwACFCsAAg8WBB8EBQdUb29sQmFyHwMCAmQPFCsAARQrAAIPFgYfAgUVQWxsIENhdGVnb3JpZXMgKDY5NTEpHgVWYWx1ZQUkMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwHghTZWxlY3RlZGdkZA8UKwEBZhYBBXNUZWxlcmlrLldlYi5VSS5S...
please check this link
Root Cause
This exception appears because Controls using DataKeyNames require Viewstate to be encrypted. When Viewstate is encrypted (Default mode, Auto, is to encrypt if controls require that, otherwise not), Page adds field just before closing of the tag. But this hidden field might not have been rendered to the browser with long-running pages, and if you make a postback before it does, the browser initiates postback without this field (in form post collection). End result is that if this field is omitted on postback, the page doesn't know that Viewstate is encrypted and causes the aforementioned Exception. I.E. page expects to be fully-loaded before you make a postback.
And by the way similar problem is with event validation since __EVENTVALIDATION field is also rendered on the end of the form. This is a security feature that ensures that postback actions only come from events allowed and created by the server to help prevent spoofed postbacks. This feature is implemented by having controls register valid events when they render (as in, during their actual Render() methods). The end result is that at the bottom of your rendered tag, you'll see something like this: . When a postback occurs, ASP.NET uses the values stored in this hidden field to ensure that the button you clicked invokes a valid event. If it's not valid, you get the exception above.
The problem happens specifically when you postback before the EventValidation field has been rendered. If EventValidation is enabled (which it is, by default), but ASP.net doesn't see the hidden field when you postback, you also get the exception. If you submit a form before it has been entirely rendered, then chances are the EventValidation field has not yet been rendered, and thus ASP.NET cannot validate your click.
Workarounds
1. Set enableEventValidation to false and viewStateEncryptionMode to Never as follows:
This has the unwanted side-effect of disabling validation and encryption. On some sites, this may be ok to do, but it isn't a best practice, especially in publicly facing sites.
I have similar issue in my recent project.When I tried to find some help from google, the things that most people discussed are the following
Add machine key in web.config
<system.web>
<machineKey validationKey="..." decryptionKey="..." validation="SHA1" />
</system.web>
Set EnableViewStateMAC=False in web.config
<system.web>
<pages enableViewStateMac="False"/>
</system.web>
But all above solution did not work for me. Whenever I try to open application with IP address it works fine but if I tried open application with domain name it showed me "Viewstate MAC failed" error. I dig down to find out what an issue and finally I found solution, this error occurs when browser does not accept cookie from server.
Godaddy provides feature for domain forwarding with masking. One of my colleague set that feature on our application domain, IE and Safari have security Level that they does not accept cookies from third parties and Advertiser, therefore both these browser generated "Viewstate MAC failed" error.
You can set Security Level to Accept all cookie in IE
Tools > Internet Options > Privacy
and Move Setting slider bottom for the Value "Accept all Cookie".
Hope this solution will help other to get out of asp.net legacy error "Viewstate MAC failed".
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 别忘想泡老子 的文章《Viewstate exception Validation of viewstate MAC fa》','https://www.manongdao.com/article-884364.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}