Hello Folks,

Have you ever encountered a scenario where you saw this weird error on your site.

Validationof viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in acluster.

View state data that is transferred between the client and the server is always validated. This is done to ensure that viewstate data is not tempered. As the viewstate data is encrypted and decrypted, unique key is used to encrypt/decrypt this data. When the application is hosted on a single machine, there is no issue as the key will always be same for both encryption and decryption.But this will not be the case in web farm. There this key value will be different across the servers. And this is the root cause of the error.Now to fix this issue you have two option.

The first option is to set the EnableViewStateMac to false in the web.config.This is an attribute of the Page tag. You also have the option to set the EnableViewStateMac to false at page level. The only drawback  with this option is that you need to do this for all page across the application.

In web.config

<pages enableViewStateMac="false">

.

.

</pages>

At page level

<%@ Page Language="C#" AutoEventWireup="false" CodeFile="Default.aspx.cs" Inherits="_Default"

 EnableViewStateMac="false" %>

Other option is to specify your own value for encryption and decryption key in the web.config. Now this key will be same across the servers.

Both the option will work perfectly, but it is always advisable to go with specifying the custom key for encryption and decryption in web.config. This is because when you set the EnableViewStateMac value to false you open your application to security threats. This is because validation of view state willnot happen in this case.

<machineKey validationKey="<encryptionkey>" decryptionKey="<decryptionkey>" validation="SHA1" decryption="Auto"/>

Happy Coding :)