locked
Validation of viewstate MAC failed / The state information is invalid for this page and might be corrupted RRS feed

  • Question

  • User1888952456 posted

    hey folk,

    maybe you can help me with the following prob:
    i developped a "job search application" in asp.net 2.0 beta. it compiled and ran without any problems. now, with the new asp.net 2.0 final version, i'm getting a lot this error message:

    Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

    this error is only generated if you navigate quickly through the web application. that means, if you press an <asp:Button> before the whole page is loaded/rendered, then you get this posted error. if you wait until the whole page has finished rendering, then the postback generates no errors.
     
    i've read a lot of articles and forum posts, and nothing figured out the problem:
    - NO, i'm not running a Web Farm.
    - page property "EnableViewStateMac" set to false does not solve the problem, it just changes the error message in same navigation behaviour:

    The state information is invalid for this page and might be corrupted.

    the second error could be solved with hotfixes/updates in asp.net 1.0/1.1
    is there also a solution available for asp.net 2.0 final version?

    thanks for helping!

    Thursday, January 19, 2006 9:33 AM

Answers

  • User-109060882 posted

    Hi everyone,

    The error that's happening (as has been mentioned earlier) is caused by an ASP.net 2.0 feature called Event Validation. This is a security feature that ensures that postback actions only come from events allowed and created by the server to help prevent spoofed postbacks. This feature is implemented by having controls register valid events when they render (as in, during their actual Render() methods). The end result is that at the bottom of your rendered <form> tag, you'll see something like this:

     <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="AEBnx7v.........tS" />

    When a postback occurs, ASP.net uses the values stored in this hidden field to ensure that the button you clicked invokes a valid event. If it's not valid, you get the exception that you've been seeing.

    The problem you're seeing happens specifically when you postback before the EventValidation field has been rendered. If EventValidation is enabled (which it is, by default), but ASP.net doesn't see the hidden field when you postback, you also get the exception. If you submit a form before it has been entirely rendered, then chances are the EventValidation field has not yet been rendered, and thus ASP.net cannot validate your click.

    One work around is of course to just disable event validation, but you have to be aware of the security implications. Alternatively, just never post back before the form has finished rendering. Of course, that's hard to tell your users, but perhaps you could disable the UI until the form has rendered?

    Unfortunately there's no "perfect" solution for this just yet.

    Thanks,

    Eilon

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, January 31, 2006 2:56 PM

All replies

  • User1888952456 posted

    further information about my problem:

    i've done a lot of test cases in recently past hours, following i found out concerning my problem:
    it depends on which webcontrols you have in use in an asp.net 2.0 final application. my reported problem only occurs if you've nested a gridview, a detailview or a formview within the *.aspx page. and it does not even matter if they are bound to a datasource control. they fail in both cases (bound / unbound) if you navigate too quickly (have a look at first post for its explanation).

    conclusion:
    my problem has too be a general one in asp.net 2.0 final framework. i'm working in a small developping team for web solutions. and we've figured out that all our asp.net applications (which were running fine in asp.net beta 2.0) have this problem :-( error message "Validation of viewstate MAC failed" occurs in simple page architecture (no masterpages, no callbacks etc.) even!
    i'm sure other developers are also hit, aren't they?

    special remark:
    although we have NO webfarm in use, i've also tried to use a self-generated <machinekey> in web.config. no success as expected ;-) 

    Friday, January 20, 2006 7:31 AM
  • User1888952456 posted

    ... and again me :-)

    it would also be helpful to receive replies which confirm my "observations" about this asp.net error message - even if you haven't found the solution. thanks
    .

    Monday, January 23, 2006 4:44 AM
  • User1888952456 posted

    What a 'tiny' bug...

    today, i found out under which exact circumstances the reported error raises.
    it all belongs to the DataKeyNames property!

    if you don't use this property, you will never get that "Validation of viewstate MAC failed" error by navigating quickly (do postback before whole page has finished rendering).
    so, all you need on an *.aspx page for generating this error:

    1. SqlDataSource
    2. GridView bound to SqlDataSource
    3. Using DataKeyNames in GridView
    4. Something on the *.aspx page which takes a while till rendered (as for example banners, external pictures etc.)
    5. Button*

    * you can also do a postback with the GridView's sorting command.


    final conclusion:
    that must be a bug in the .net framework! MVP users or others... what do you think about? 

    Tuesday, January 24, 2006 7:35 AM
  • User109053788 posted
    Lots of people waiting for an answer to this one. Is it something that is know and being fixed or are we all just completely lost and should give up and go back to 1.1?
    Tuesday, January 24, 2006 8:08 PM
  • User1888952456 posted

    "Lots of people waiting for an answer"

    glad reading this. unfortunately i've never found any articles, forum posts complaining about exactly the facts/bug i described.

    i hope more people are gonna confirm this thread, so microsoft experts will give reply - thanks!

    Wednesday, January 25, 2006 4:06 AM
  • User-259391351 posted

    Hi crystal.net,<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

    <o:p> </o:p>

    I can confirm I get exactly the same error.<o:p></o:p>

    <o:p> </o:p>

    My page that errors has a GridView bound to an ObjectDataSource. This is a custom GridView which uses a dropdown outside it (with numbers 1 to 20) and an add button next to it. This allows users to add up to 20 rows to the grid at a time. In the background each 'add' creates a new object and stuffs it into my generic list which is bound to the ObjectDataSource. Each row in the Grid has LOTS of DropDownLists, Labels, TextBox controls, Imagebuttons etc . After you add about 30 row the page render time dramatically increase (as you'd expect). Once you edit a number of these controls and click the submit button the error occurs. The submit saves the items in my generis list to sql then reloads itself with a empty generic list.<o:p></o:p>

    <o:p> </o:p>

    Validation of ViewState errors occur on our office server (when being tested) as if it were a production environment. And it doesn't happen everytime either?!?! When I test the site using my locahost I cannot reproduce this error.<o:p></o:p>

    <o:p> </o:p>

    We are not using a web farm and site is built in debug mode in all cases (but will be in release mode when live on production server). This happens when you try to submit the page even when it has DEFINITELY finished loading so how can the viewstate be different than on the server? I admit the ViewState is pretty hefty. Is this an isolated problem with GridViews and ViewState?<o:p></o:p>

    <o:p> </o:p>

    We have experience other problem with EventValidation. A workaround for these was to set <pages enableEventValidation="false"/> in web.config<o:p></o:p>

    <o:p> </o:p>

    I have spent far too long trawling the internet for a solution but nothing!!!<o:p></o:p>

    <o:p> </o:p>

    Can someone at MICROSOFT please confirm if this a bug in the .net 2.0 framework and if so what can we do to STOP it!!<o:p></o:p>

    <o:p> </o:p>

    I need a solution FAST!<o:p></o:p>

    <o:p> </o:p>

    Thanks<o:p></o:p>

    Thursday, January 26, 2006 11:56 AM
  • User1888952456 posted

    hey devMonky2k,

    thanks for your post. you haven't written it, but i'm very sure you also have the property DataKeyNames in your GridView in use.... and i had to laugh if i read about your EventValidation problem. i had the same problem and workaround, too :-)

    so i think it's evidence enough, microsoft supporters, we'd appreciate your help!!

    Friday, January 27, 2006 3:05 AM
  • User-1361879662 posted

    Hey Crystal,

    I'm happy to see that I am not the only one experiencing this with .net 2.0.  I love this new dev environment but it appears as though little bugs are still present with designer based controls.

    I'm using a gridview bound to a SqlSource, have tried all the workarounds (MachineKey, etc) and I am still getting the error on what appears to be anything postback. When I sort my grid, the error occurs, and I assume it has to do with viewstate.

    I read a MS article somewhere that explained how data conversions or formatting might have an impact (ie. converting int to string for example) but this originally appeared to be with .Net 1.0 and the article dates back some time.

    I guess no sorting for the time being until this gets resolved.

    If I find anything, I'll post.

    Cheers.

     

    /JD

    Friday, January 27, 2006 12:59 PM
  • User2032526919 posted

     

    1. SqlDataSource
    2. GridView bound to SqlDataSource
    3. Using DataKeyNames in GridView
    4. Something on the *.aspx page which takes a while till rendered (as for example banners, external pictures etc.)
    5. Button*

    I tried to locally reproduce with these steps, and I couldn't get the same to appear. Does this happen locally or only on remote server (Windows Server 2003 utilizing application pools?) Perhaps you could show the entire page, if it is reproducable with a small sample page.

    Monday, January 30, 2006 12:16 PM
  • User1888952456 posted
    hey joteke,

    thanks for taking time! i've spent the morning for reproducing a small sample page that points out the reported bug. i used a <asp:XmlDataSource> instead of <asp:SqlDataSource> for make it independent of any configuration ressources. you can download the source here: http://www.espace.ch/viewstateProblem.rar

    you have to click very quickly (serveral times) in doing the postback for reproducing the bug in the sample page!!!

    for those guys who think the navigation behavior strange... yeah, you're right: in the given sample page, it is really silly n' difficult navigating so quickly (pressing button before page has finished rendering!!). but if you look at the final application (http://adv.espace.ch/einsteigerprofil), you'll see that reported navigation behavior is common: the standard shape/design of espace.ch takes an amount of time for loading - and i don't think users are gonna wait until page has finished rendering each time.

    last but not least i have to correct my observations!
    so, all you need on an *.aspx page for generating this error:
    1. Any DataSource Control (SqlDataSource, XmlDataSource...) 
    2. GridView bound / unbound to DataSource
    3. Using DataKeyNames in GridView
    4. Using <asp:BoundField> elements
    5. Something on the *.aspx page which takes a while till rendered (as for example banners, external pictures etc.)
    6. Button
    Tuesday, January 31, 2006 9:11 AM
  • User2032526919 posted

    Yes, I got this one to reproduce with the set you gave.

    Let me test it a little bit more.

    Tuesday, January 31, 2006 12:59 PM
  • User2032526919 posted

    Ok,

    if you guys add this to web.config, does it still reproduce?

    <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    E.g note the viewStateEncryptionMode.

    Tuesday, January 31, 2006 1:04 PM
  • User-1361879662 posted

    Hi Joteki,

    The error is ever present in my case. I get the typical "Invalid postback or callback argument.  Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page.  For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them.  If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation." whether enableEventValidation is set to true or false.

    One thing worth noting:  My page actually has three different controls, all seperate and none linked or nested - 1 Gridview and 2 datalists. If I take a new aspx, create a simple gridview bound to the same view in SQL, and try sorting (my problem occurs on the sort), everything rolls fine. But in my original .aspx, I get the error.

    So I removed the controls in order to slowly start "removing possible conflicts" and suddently, the sort in my Gridview worked without a hitch. I put the datalist back and the error returned.

    Thinking I was on to something, I removed all datalists and gridview from my original .aspx as well as SqlSources. I then proceeded to add my Gridview and the error returned WITHOUT the datalists.

    This REALLY appears to be a bug in .Net 2.0, and I've yet to figure out why exactly it happens. Isolating it appears impossible.

    The only workaround I can suggest is to "think outside of the box" and try placing your controls in other ways, or redo the page altogether.

    I have had other bugs where a simple bound dropdownlist would not function properly until I literally "Deleted" the Usercontrol (.ascx) from my project, created a new one and the DDL functioned properly moving forward.

    Servicepack anyone?

    /JD

    Tuesday, January 31, 2006 1:39 PM
  • User-109060882 posted

    Hi everyone,

    The error that's happening (as has been mentioned earlier) is caused by an ASP.net 2.0 feature called Event Validation. This is a security feature that ensures that postback actions only come from events allowed and created by the server to help prevent spoofed postbacks. This feature is implemented by having controls register valid events when they render (as in, during their actual Render() methods). The end result is that at the bottom of your rendered <form> tag, you'll see something like this:

     <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="AEBnx7v.........tS" />

    When a postback occurs, ASP.net uses the values stored in this hidden field to ensure that the button you clicked invokes a valid event. If it's not valid, you get the exception that you've been seeing.

    The problem you're seeing happens specifically when you postback before the EventValidation field has been rendered. If EventValidation is enabled (which it is, by default), but ASP.net doesn't see the hidden field when you postback, you also get the exception. If you submit a form before it has been entirely rendered, then chances are the EventValidation field has not yet been rendered, and thus ASP.net cannot validate your click.

    One work around is of course to just disable event validation, but you have to be aware of the security implications. Alternatively, just never post back before the form has finished rendering. Of course, that's hard to tell your users, but perhaps you could disable the UI until the form has rendered?

    Unfortunately there's no "perfect" solution for this just yet.

    Thanks,

    Eilon

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, January 31, 2006 2:56 PM
  • User2032526919 posted

    Eilon,

    in my test bed I already had event validation disabled, e.g the config file as:

    <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Always" />

    and the issue exists (even if event validation is disabled).

    If I change it to:

     <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    I didn't  touch the event validation, and it started to work out. Perhaps it's some other more complicated thing behind the scenes than event validation, or is still related to it?

    Stack trace is:

    [HttpException (0x80004005): Unable to validate data.]
       System.Web.Configuration.MachineKeySection.GetDecodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Int32& dataLength) +358
       System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +199

    [ViewStateException: Invalid viewstate.
    Client IP: 127.0.0.1
    Port:
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MSVS 8.0.50727)
    ViewState: VXTPKwRXoX61Y4cvIJH/o7LcvXDyqoTxh5PLFbKrbsZg0i12uRF4wJHFBOpVvxP/Hx1RnJWq8FRR6fqiFSdZukxCS5H+uqtGAcHmPiTbDDaLy8WZF9Xj1nethdNsVOswTNGaB9Jo2PK+7p3dcDc+v/Ui35vs/nI8yTIz6bPjCLfxi9tI+SWcy9l+SUfwMp3JSgUVWoQ33JdrV9bY5yt5Fj5J1BYm1CwxMmIivv6Bu1YMKChv1E0m3Iknaf22dMHksCWyiX7W0jnqNPvqkufq6vrn9WZL0cgNFKtZJNWiQOBIi6hVkDmRbAMYh0cugqOhD9aFF8amv/Wr62y2sUGiBt/tdqFW2eb6+YMMuMYbtWuGJeMvzJW2qyMxpHMxLQAmf5BbP0GSaEhLrE7jcFdDiEkJy2id5TVevZnLH5e4zbaGu4wkN1f8tSMLp57xOOXKmiJT5lXk1w3sdp5S3sgEdKjpiqPkbtjA6mW9XZukWtGupc2wPStf09dw1wRuJ7epV6YQbf39feDeNKQPNIQEpntPh+lJPcKymH8xaKcSmZH3v8I5NfcmHPPpcOET/ZWVjt++tmZh211LIQYcA4v9GT96tVZsxdwDhZ+8qFLIo0VzOhLeK3r+UhXqR1vh29TfccG6ZKpY3x4l4v5G7qKzsQkrW2Fgo/3W4QToO96EiY9dMQQF6qAuGlJUp/++/Lv3pXXIq7MSEC3yRF/cHmT3AEDhi6LhCv2d52ZZLqFH2oUbt6v2f/JOSZ1wtGvyyssOhNER0mdU3XXCDR0ZcR+mZvwYPjK3HBdHtIqW+aozTs4PEPCvqK1ZDZpcuipsFtgUJOL+ey8cs+bZs9Ci8C...]

    [HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.]
       System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +119
       System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +236
       System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) +5
       System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) +37
       System.Web.UI.HiddenFieldPageStatePersister.Load() +222
       System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +80
       System.Web.UI.Page.LoadAllState() +35
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7965
       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +158
       System.Web.UI.Page.ProcessRequest() +85
       System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +20
       System.Web.UI.Page.ProcessRequest(HttpContext context) +110
       ASP.example_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\viewstateproblem\ef8b89df\95cd01e0\App_Web_gmubbdee.0.cs:0
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +317
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +65


     If you pick download provided earlier:
    http://www.espace.ch/viewstateProblem.rar , you can repro it .

    Tuesday, January 31, 2006 3:10 PM
  • User-109060882 posted

    I suspect it's probably related. If you look, there's actually one other hidden field that gets rendered at the bottom of the <form> tag:

     <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" />

    I suspect that if that field is not posted back to the server, that view state might fail as well.

    In general, the entire page must be loaded in order to be able to do a postback properly. You can try to verify this by doing an HTTP trace and seeing which fields actually end up getting posted to the server when you: 1. Wait for the page to load; and 2. Don't wait for the page to load. Any differences between those two traces will most likely indicate the cause of the error.

    Thanks,

    Eilon

    Tuesday, January 31, 2006 4:05 PM
  • User1888952456 posted

    first of all i wanna thank you both, joteke and eilon, for analyzing/supporting this thread!

    "if you guys add this to web.config, does it still reproduce?
    <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />"

    this workaround (switching off the whole event validation security) works great. all our applications are running fine now on asp.net 2.0 final with property viewStateExncryptionMode set to Never!

    i've also analyzed the rendered source code => hidden fields "__VIEWSTATEENCRYPTED" and "__EVENTVALIDATION". they are really rendered at the bottom of the <form> tag:

    that's obviously a sequentially rendering bug which has to be fixed, don't you think?

    => that important sequential logic reminds me of first steps scripting javascript stuff!

    "One work around is of course to just disable event validation, but you have to be aware of the security implications."

    disabling event validation is the single solution in my case!

    "Alternatively, just never post back before the form has finished rendering. Of course, that's hard to tell your users, but perhaps you could disable the UI until the form has rendered?"

    that's hard to tell your users.... i'd say that's impossible to get user's understanding for waiting ;-)
    on the other hand, can you explain me how i should disable UI until the form has rendered?

    Wednesday, February 1, 2006 4:23 AM
  • User109053788 posted

    Mate this is not the case. To suggest that the application is failing because the user is clicking the button too soon is ludicrous. You need to knuckle down and sort this one out otherwise you will have 0 people developing .Net2 applications. We are all waiting.

     

    Wednesday, February 1, 2006 4:55 AM
  • User1888952456 posted

    oh, i forgot to mention an important thing:

    you may remember i wrote reported problem only occurs using "DataKeyNames" in GridView. AND THIS IS ABSOLUTELY CORRECT! just have a look at rendered source code. if you are using property "DataKeyNames" you'll get rendered hidden field "__VIEWSTATEENCRYPTED". if you aren't using it, the hidden form field doesn't exist!

    => so i think this whole event validation/encryption stuff is NOT proper!

    Wednesday, February 1, 2006 4:55 AM
  • User2032526919 posted

    I suspect it's probably related. If you look, there's actually one other hidden field that gets rendered at the bottom of the <form> tag:

     <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" />

    I suspect that if that field is not posted back to the server, that view state might fail as well.

    In general, the entire page must be loaded in order to be able to do a postback properly. You can try to verify this by doing an HTTP trace and seeing which fields actually end up getting posted to the server when you: 1. Wait for the page to load; and 2. Don't wait for the page to load. Any differences between those two traces will most likely indicate the cause of the error.

    Thanks,

    Eilon

    I had a look at the posted content with Fiddler, but I missed that. Makes 100% sense now, thanks!

    Wednesday, February 1, 2006 5:18 AM
  • User2032526919 posted

    oh, i forgot to mention an important thing:

    you may remember i wrote reported problem only occurs using "DataKeyNames" in GridView. AND THIS IS ABSOLUTELY CORRECT! just have a look at rendered source code. if you are using property "DataKeyNames" you'll get rendered hidden field "__VIEWSTATEENCRYPTED". if you aren't using it, the hidden form field doesn't exist!

    => so i think this whole event validation/encryption stuff is NOT proper!

    To clarify, that's because GridView requests View state to be encrypted, since those ID's in database might require secure handling (e.g it does that if DataKeyNames are set). viewStateEncryptionMode setting in config (or corresponding property on Page class) overrides that behaviour. Default mode, Auto, is to encrypt if controls require that, otherwise not.

    Wednesday, February 1, 2006 11:11 AM
  • User-74826336 posted
    I ran into the same problem  It turns our I had an extra <form></form> tag in my code because I was cutting and pasting some Javascript.  Once I removed the extra <form> tag, it worked great. 
    Wednesday, February 1, 2006 5:53 PM
  • User1888952456 posted

    @joteke

    "To clarify, that's because GridView requests View state to be encrypted, since those ID's in database might require secure handling (e.g it does that if DataKeyNames are set). viewStateEncryptionMode setting in config (or corresponding property on Page class) overrides that behaviour. Default mode, Auto, is to encrypt if controls require that, otherwise not."

    okay, that makes sense. thanks for clarifying :-)


    @Eilon

    there are still two questions unanswered:
    "i've also analyzed the rendered source code => hidden fields "__VIEWSTATEENCRYPTED" and "__EVENTVALIDATION". they are really rendered at the bottom of the <form> tag:
    that's obviously a sequentially rendering bug which has to be fixed, don't you think?"

    and

     
    "can you explain me how i should disable UI until the form has rendered
    ?"


    @vtjoeh

    maybe we had the same error message, but we've "solved" (workaround) another bug in this thread.

    Thursday, February 2, 2006 2:57 AM
  • User1888952456 posted
    @Eilon

    no answer is also an answer ;-)
    thanks anyway.
    Monday, February 6, 2006 2:50 AM
  • User2032526919 posted

    If you want to express feedback to the product team , you can also use MSDN Feedback Center. That way you can ensure that they have taken note of it (they usually respond there with some guidelines related to the specific issue like are they going to do anything)

    http://lab.msdn.microsoft.com/productfeedback/

    Post the link to the reported issue here.

    Monday, February 6, 2006 3:16 AM
  • User-109060882 posted

    Hi again,

    I don't know of a very good way to disable all the elements on the form, however here's a code snippet that shows part of a technique:

        function disableElements(elements) {
            for (var i = elements.length - 1; i >= 0; i--) {
                var elmt = elements[i];
                if (!elmt.disabled) {
                    elmt.disabled = true;
                }
                else {
                    elmt._wasDisabled = true;
                }
            }
        }

        function disableFormElements() {
            disableElements(_form.getElementsByTagName("INPUT"));
            disableElements(_form.getElementsByTagName("SELECT"));
            disableElements(_form.getElementsByTagName("TEXTAREA"));
            disableElements(_form.getElementsByTagName("BUTTON"));
            disableElements(_form.getElementsByTagName("A"));
        }

        function enableElements(elements) {
            for (var i = elements.length - 1; i >= 0; i--) {
                var elmt = elements[i];
                if (!elmt._wasDisabled) {
                    elmt.disabled = false;
                }
                else {
                    elmt._wasDisabled = null;
                }
            }
        }

        function enableFormElements() {
            enableElements(_form.getElementsByTagName("INPUT"));
            enableElements(_form.getElementsByTagName("SELECT"));
            enableElements(_form.getElementsByTagName("TEXTAREA"));
            enableElements(_form.getElementsByTagName("BUTTON"));
            enableElements(_form.getElementsByTagName("A"));
        }

    Make sure that the variable _form is set to the ASP.net form on the page. Then just call enableFormElements() and disableFormElements(). As far as when exactly do you call them, I'm not entirely sure how that works with the DOM, etc.

    Either way, definitely send us some official feedback through the link mentioned earlier.

    Thanks,

    Eilon

    Monday, February 6, 2006 2:34 PM
  • User2032526919 posted

    Either way, definitely send us some official feedback through the link mentioned earlier.

    Thanks,

    Eilon

    Yup, I did one: http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=e08714b5-35cc-4520-9876-fe2851018453

    Thanks for taking time to suggest the other workaround,

    Teemu

    Tuesday, February 7, 2006 12:29 AM
  • User1888952456 posted
    thanks you both.
    Tuesday, February 7, 2006 5:15 AM
  • User1412998978 posted

    I've been getting the same message, intermittently, even after adding <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" /> to web.config. In the hope that it helps, here's some of the code. Note the third item in the EditItemTemplate.

    <asp:GridView ID="GridView1" runat="server" AllowPaging="True" AutoGenerateColumns="False" DataKeyNames="dlID" DataSourceID="ObjectDataSource1" Width="628px" PageSize="5" CellPadding="4" ForeColor="#333333" GridLines="None" RowHeaderColumn="dlID">

    <Columns>

    <asp:CommandField ShowEditButton="True" />

    <asp:BoundField DataField="dlID" HeaderText="Lead ID" InsertVisible="False" ReadOnly="True"

    SortExpression="dlID" />

    <asp:TemplateField HeaderText="User Name Address Etc">

    <ItemTemplate>

    <asp:FormView ID="FormView1" runat="server" DataKeyNames="dlID"

    DataSourceID="ObjectDataSource1" OnPageIndexChanging="FormView1_PageIndexChanging" Width="731px" Height="43px">

    <PagerSettings Mode="NextPrevious" />

    <EditItemTemplate>

    <asp:Label ID="dlIDLabel1" runat="server" Text='<%# Eval("dlID") %>'></asp:Label><br />

    dlUSERID:

    <asp:TextBox ID="dlUSERIDTextBox" runat="server" Text='<%# Bind("dlUSERID") %>'>

    </asp:TextBox><br />

    STATE:

    <asp:Label ID="adSTATELabel1" runat="server" Text='<%# Eval("adSTATE") %>'>

    </asp:Label><br />

    dlLANGUAGE:

    <asp:TextBox ID="dlLANGUAGETextBox" runat="server" Text='<%# Bind("dlLANGUAGE") %>'>

    </asp:TextBox><br />

    dlTYPE:

    <asp:TextBox ID="dlTYPETextBox" runat="server" Text='<%# Bind("dlTYPE") %>'>

    </asp:TextBox><br />

    dlSTATUS:

    <asp:TextBox ID="dlSTATUSTextBox" runat="server" Text='<%# Bind("dlSTATUS") %>'>

    </asp:TextBox><br />

    dlNAME:

    <asp:TextBox ID="dlNAMETextBox" runat="server" Text='<%# Eval("dlNAME") %>'>

    </asp:TextBox><br />

    dlPHONE:

    <asp:TextBox ID="dlPHONETextBox" runat="server" Text='<%# Bind("dlPHONE") %>'>

    </asp:TextBox><br />

    adADDRESS:

    <asp:TextBox ID="adADDRESSTextBox" runat="server" Text='<%# Bind("adADDRESS") %>'>

    </asp:TextBox><br />

    adCITY:

    <asp:TextBox ID="adCITYTextBox" runat="server" Text='<%# Bind("adCITY") %>'>

    </asp:TextBox><br />

    adZIP:

    <asp:TextBox ID="adZIPTextBox" runat="server" Text='<%# Bind("adZIP") %>'>

    </asp:TextBox><br />

    wpPRINCIPAL:

    <asp:TextBox ID="wpPRINCIPALTextBox" runat="server" Text='<%# Bind("wpPRINCIPAL") %>'>

    </asp:TextBox><br />

    wpINTEREST:

    <asp:TextBox ID="wpINTERESTTextBox" runat="server" Text='<%# Bind("wpINTEREST") %>'>

    </asp:TextBox><br />

    wpPAYMENT:

    <asp:TextBox ID="wpPAYMENTTextBox" runat="server" Text='<%# Bind("wpPAYMENT") %>'>

    </asp:TextBox><br />

    wpMINIMUM:

    <asp:TextBox ID="wpMINIMUMTextBox" runat="server" Text='<%# Bind("wpMINIMUM") %>'>

    </asp:TextBox><br />

    wpFICO:

    <asp:TextBox ID="wpFICOTextBox" runat="server" Text='<%# Bind("wpFICO") %>'>

    </asp:TextBox><br />

    lsFACEVALUE:

    <asp:TextBox ID="lsFACEVALUETextBox" runat="server" Text='<%# Bind("lsFACEVALUE") %>'>

    </asp:TextBox><br />

    dlCALLRESULT:

    <asp:TextBox ID="dlCALLRESULTTextBox" runat="server" Text='<%# Bind("dlCALLRESULT") %>'>

    </asp:TextBox><br />

    dlREASON:

    <asp:TextBox ID="dlREASONTextBox" runat="server" Text='<%# Bind("dlREASON") %>'>

    </asp:TextBox><br />

    dlDATEAVAILABLE:

    <asp:TextBox ID="dlDATEAVAILABLETextBox" runat="server" Text='<%# Bind("dlDATEAVAILABLE") %>'>

    </asp:TextBox><br />

    dlDATEOUT:

    <asp:TextBox ID="dlDATEOUTTextBox" runat="server" Text='<%# Bind("dlDATEOUT") %>'>

    </asp:TextBox><br />

    dlDATEIN:

    <asp:TextBox ID="dlDATEINTextBox" runat="server" Text='<%# Bind("dlDATEIN") %>'>

    </asp:TextBox><br />

    dlDATEIMPORTED:

    <asp:TextBox ID="dlDATEIMPORTEDTextBox" runat="server" Text='<%# Bind("dlDATEIMPORTED") %>'>

    </asp:TextBox><br />

    dlSOURCE:

    <asp:TextBox ID="dlSOURCETextBox" runat="server" Text='<%# Bind("dlSOURCE") %>'>

    </asp:TextBox><br />

    naFIRST:

    <asp:TextBox ID="naFIRSTTextBox" runat="server" Text='<%# Bind("naFIRST") %>'>

    </asp:TextBox><br />

    naLAST:

    <asp:TextBox ID="naLASTTextBox" runat="server" Text='<%# Bind("naLAST") %>'>

    </asp:TextBox><br />

    phAREACODE:

    <asp:TextBox ID="phAREACODETextBox" runat="server" Text='<%# Bind("phAREACODE") %>'>

    </asp:TextBox><br />

    phPHONE:

    <asp:TextBox ID="phPHONETextBox" runat="server" Text='<%# Bind("phPHONE") %>'>

    </asp:TextBox><br />

    wpHOMEVALUE:

    <asp:TextBox ID="wpHOMEVALUETextBox" runat="server" Text='<%# Bind("wpHOMEVALUE") %>'>

    </asp:TextBox><br />

    dlUNIQ:

    <asp:TextBox ID="dlUNIQTextBox" runat="server" Text='<%# Bind("dlUNIQ") %>'>

    </asp:TextBox><br />

    <asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update"

    Text="Update">

    </asp:LinkButton>

    <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel"

    Text="Cancel">

    </asp:LinkButton>

    </EditItemTemplate>

    (Apologies for not yet having figured out how easily to avoid that extra cut-and-paste white space.)

    As I was saying, adding the viewState stuff to web.config temporarily fixed the problem (aka "worked around yet another set of well-intentioned but ultimately unhelpful-at-best Microsoft defaults"). It reoccured later, presumably explained by the overrides to which the earlier MVP post refers, went away again after a re-boot, came back again out of nowhere because the parameters had magically capitalized themselves, went away after I repaired that, and has reappeared once more.

    This last occurrence was on the first look after changing that third item from a "Bind" TextBox to an "Eval" label.

    I honestly hope the preceding information is helpful to you guys somehow. This next bit is less likely to be.

    My diagnosis is that this obstacle is among a set of those that are raised on the SomethingOtherwiseLikelyToBeHelpful event.

    More seriously - actually, all joking aside - please add my voice to those who cry out for relief from security cures that are much MUCH worse that the sickness. Granted, my little application needs fairly little security, and I'm new to the technology. But I'd be happy to have a few thousand dollars every year hacked out of my retirement account if I never have to see another viewstate mac machine policy message result from a default to postback validation.

    While you're at it, can you work on the child seat laws? I live two miles from the beach, but couldn't drive my visiting nephews to it. Thanks.

    Thursday, February 9, 2006 1:50 AM
  • User1412998978 posted

    just fyi, my viewstate message pops before the page renders completely; I never have the opportunity to activate anything.

    Thursday, February 9, 2006 11:06 PM
  • User1220673890 posted

    Im having problems with this as well:  I tried the work around using this line

     <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    But Im not sure where in the web config this goes, every place I put it I get an error saying enableEventValidation is not a correct attribute.

    Also I noticed that I never get the Validation of viewstate MAC failed  error when the my page is run in FireFox, anyone else only get this error in IE ?.

     

    Thanks

    Tuesday, February 14, 2006 5:29 PM
  • User2032526919 posted

    Are you running ASP.NET v2.0 for sure? This is specific to v2.(like event validation and viewstate encryption)

    Here's docs about <pages> element: http://msdn.microsoft.com/en-us/library/950xf363.aspx

    Wednesday, February 15, 2006 4:35 AM
  • User1220673890 posted
    Yep Im sure Im using version 2. I tried it again puting the <pages> where it shows  in that link you provided, I still recieve this error though.

    Parser Error Message: Unrecognized attribute 'enableEventValidation'. Note that attribute names are case-sensitive.

    Source Error:

    Line 7:             autoEventWireup="true"
    Line 8: validateRequest="false"
    Line 9: enableEventValidation="false"
    Line 10: viewStateEncryptionMode="Never"
    Line 11:

    Source File: J:\CoMPortal\web.config    Line: 9


    Version Information: Microsoft .NET Framework Version:2.0.50215.44; ASP.NET Version:2.0.50215.44
    Wednesday, February 15, 2006 12:11 PM
  • User1220673890 posted

    Acually, I just tested it some more and it seems to work just fine on the Visual Studio Developement server so it must be some issue on the server its hosted on. Ill have to check it out.

    Thanks

    Wednesday, February 15, 2006 12:21 PM
  • User2032526919 posted

    In the posted error message, Framework version is Microsoft .NET Framework Version:2.0.50215.44

    .NET Framework 2.0 RTM version is v2.0.50727.42, so there's rather old version on the server, seems to be beta 2.

    Wednesday, February 15, 2006 1:19 PM
  • User-751836609 posted

    Hi All,

    Even i got the same Error 'Unrecognized attribute 'enableEventValidation'. Note that attribute names are case-sensitive', when i put that element into web.config but when i put that element into webform page tag it recognizes the element but having the same issue 'Validation of viewstate MAC failed' and i'm using .net Version 2.0.5238, is there anything else behind the cover.

    Thanx in Advance.

     

     

     

     

     

    Thursday, February 16, 2006 11:40 AM
  • User1236614269 posted

    I'm having a similar problem, but it's on a page that doesn't have a gridview. If I view source on that page, I do see one of these at the bottom:

    <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="longvaluehere" /> 

    Are there any other known causes of this bug, besides the gridview?

    Tuesday, February 21, 2006 11:39 AM
  • User1220673890 posted

    Well I got the framework updated on the server and now I get this error again

    Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

    I still have the <Page> attributes that are suppose to disable this but it dont help. And the the error only occurs in IE it never happens when the page is ran in Mozilla

     

    Friday, February 24, 2006 2:37 PM
  • User1220673890 posted

    Also it still works in IE while Im debugging using visual studios server, but what else is their to check on the server ? Version running on server is now -

    Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42

    Friday, February 24, 2006 3:17 PM
  • User-182232704 posted
    I have just recently upgraded to 2.0 in order to use Gridview - how sorry I am now.   I have had to code several workarounds to get the page working as it did before.  I am experiencing this viewstate message because  I have a  button outside of the grid.   My experience shows everything Crystal has listed, except for item 5.  My page rendering time is not an issue.    My page fails on load before I can test for postback.  It appears to me that 2.0 has a very long memory (apparently for the sake of efficiency).  Server variables persist much longer that one would expect.  I have tried the suggested workaround in the web.config, but to no avail. 

    Thanks for the moral support.
    Tuesday, March 7, 2006 12:05 PM
  • User1095738331 posted
    in what part / section of the web.config do oyu put this in?

    appsettings?
    Tuesday, March 7, 2006 2:54 PM
  • User2032526919 posted

    in what part / section of the web.config do oyu put this in?

    appsettings?

    <configuration>
       <system.web>
          <pages ... />
       </system.web>
    </configuration>

    Wednesday, March 8, 2006 11:37 AM
  • User1582583836 posted

    I am still getting this message after the proposed fix. If I view source of the page I can see before getting the error, the value of my viewstate is:

    <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" />

    It seems that any page hit after this will get the error.  What really stinks is that this is the first page of the web app.  Help please!

    Thanks,

    Ben

    Friday, March 17, 2006 1:00 PM
  • User1582583836 posted

    I did wind up fixing it with:

     <pages enableEventValidation="false" enableViewStateMac="false" viewStateEncryptionMode ="Never" >

    Friday, March 17, 2006 2:23 PM
  • User127049550 posted

    Not sure if you fixed your problem but i had a similar problem when posting from one page to another. I had a search box on the home page and wanted to pass what had been entered. I finally managed to solve the problem with

     

    <pages enableViewStateMac="false" enableEventValidation="false"/>

     

    Mark

    www.villacentre.co.uk,www.eventtravel.co.uk, www.villaworld.co.uk

     

    Wednesday, March 22, 2006 12:40 PM
  • User1220673890 posted

    I kept getting the 'Validation of viewstate MAC failed error' on a page that was in a folder that was viewable only when logged in. And when the only button on that page was clicked (it sends session varibles to another page then displays them on the new page) I usually got the 'Validation of viewstate MAC failed error'. But I just tried the code posted above in the Web.Config file and now when that same button is clicked the user is just logged out and brought to the log in page. Any ideas on how I could fix this ?

     

    Thanks

    Wednesday, March 22, 2006 3:18 PM
  • User413695545 posted

    I too had the "Validation of viewstate MAC failed" problem

    After trying all those edits to the <pages> section of my web.config file...  It turns out I too had an extra <form></form> tag in my code. Once I removed the extra <form> tag, it worked great. 

    It's always something stupid...   But .Net should catch this for me...  I think.

    Thanks,
    Chavak

    Monday, March 27, 2006 1:16 AM
  • User-361268526 posted

    just my two cents...

    it seems that there are times when the renderer gets confused... I had an application using a datagrid with all the specifications to generate the error and wasn't getting any, until I added masterpages. it seems that when inside an asp:content, the __VIEWSTATEENCRYPTED gets sent but not filled, thus giving the problem discussed.

    <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" />

    and giving the exception... turned off the security and fixed the problem... but it's a risky solution... :S

    hope Microsoft gets a hold on the problem and submits a hotfix soon...

     

    Wednesday, March 29, 2006 2:12 AM
  • User1651591607 posted
    I've been having the same problem since we upgraded to 2.0 and I've been following this thread for over a month.  I don't see any progress being made on addressing the problem by Microsoft.  It looks like a lot of people are having the same problem and there has been a bunch of good investigative work done here.  But, I don't see any indication that Microsoft is any where near a fix for this one.

    Is there any hope of a solution in the near term?

    We have a WAP site that was working without a hitch until we deployed 2.0 ...

    System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.UI.ViewStateException: Invalid viewstate.
        Client IP: 66.102.186.21
        Port: 59688
        User-Agent: Nokia7270/2.0 (03.25) Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Link/6.3.0.0.0
        ViewState: /wEXAQUDX19QD2QPBpgQJOuWIciIAgnb0vncAz6R1NfUSfkIbKJa5V9WQQ==
        Referer:
        Path: /html/error.aspx ---> System.Web.HttpException: Unable to validate data.
    Wednesday, March 29, 2006 9:17 PM
  • User2032526919 posted

     

    In case you want to have impact on thre matter, as I posted earlier in this thread, there's a related report on MSDN product feedback center
    http://lab.msdn.microsoft.com/productfeedback/viewfeedback.aspx?feedbackid=e08714b5-35cc-4520-9876-fe2851018453

    <STRIKE>I asked a few days ago about the status, they are still investigating this case.</STRIKE>
    UPDATE 4/6/2006: Microsoft is working on a QFE (quick fix) and they should have an update very soon.

    If it is exactly same scenario you face, you can vote for it (also comment on bottom of the page). And if you have steps which can be used to reproduce the error, even if it would occur in slightly different scenario, make sure you post the steps here, exactly and accurately (this thread is referenced on the report above) so that ASP.NET Team is aware of them. It always helps them to better "map" the issue (how wide the issue is, what needs to be changed in order to fix it, costs, should it be postponed or not and so on)

    Sunday, April 2, 2006 3:44 AM
  • User2146843441 posted

    The data needed to render the validation field is not available early in the page rendering.  One workaround would be to mark the form as disabled and then have client script re-enable it when the page is fully loaded.  We are looking for better options that account for this better.

    Tuesday, April 11, 2006 8:18 PM
  • User1554069031 posted

    I'm experiencing this error, but I managed to fix it with a work around...

    We have a working .NET 1.1 Visual Studio 2003 web site http://www.working.com/_2006 which I copied to http://www.newlocation.com/events/relicensure/_2006 and then began upgrading to .NET 2.0 Visual Studio 2005 with a sitemap and master page as part of the redesign. Registration for the event was located in a subdirectory path just as a way of organizing the various pages; though this site has few pages in general: http://www.newlocation.com/events/relicensure/_2006/events/default.aspx

    When I went to this registration page I got the Validation error when I clicked the "Add Registrant" button which would have run btnAddRegistrant_OnClick, except the error shows before the code is entered. I tried all the various fixes mentioned in this forum all to no avail.

    What I also noticed was the the error occurred on page http://www.newlocation.com/events/relicensure/_2006/default.aspx and not on page http://www.newlocation.com/events/relicensure/_2006/events/default.aspx where it should have been occuring. My masterpage is using the <base/> tag (which I would prefer to avoid, but...), so I figured this might be the cause of the problem, but without it I have to hard-code many of the otherwise relative links, and the site will also be dual hosted at http://events.working.com/relicensure/2006/ so hard coded links would be bad.

    Since I had a default page in both locations I decided to rename the /events/default.aspx to /events/addRegistrant.aspx which eliminated the Validation error, but caused an error saying /events/relicensure/_2006/addRegistrant.aspx could not be found. Which made sense in light of my previous observations but is totally confusing as to how the system was making this error.

    The "obvious' solution was to move the files to the root instead of leaving them in the /events/ subdirectory. As soon as I move the files, the errors went away. I'll be picking up the problem here this morning; but I figured that some of you might be strugglng against a similar set of circumstances and find this work-around useful.

    Thursday, April 13, 2006 8:55 AM
  • User2146843441 posted

    One way around the problem is to mark the form as disabled and then enable it in script once the load is complete.

    <form runat="server" disabled=:"true" id="form">
    ...............
    </form>

    <script type="text/javascript">
    function enableForm() {
       document.getElementById("form").disabled = false;
    }
    window.onLoad = enableForm();
    </script>

    Thursday, April 13, 2006 3:28 PM
  • User2032526919 posted

    One way around the problem is to mark the form as disabled and then enable it in script once the load is complete.

    <form runat="server" disabled=:"true" id="form">
    ...............
    </form>

    <script type="text/javascript">
    function enableForm() {
       document.getElementById("form").disabled = false;
    }
    window.onLoad = enableForm();
    </script>

    Matt,

    in case something like this ends up also being the final recommendation / fix to work a round, perhaps you guys could add such script, even though this is small one, into WebForms.js (resources in System.Web assembly). 

    Since you already have WebForm_ReEnableControls() and WebForm_ReDisableControls() there to enable disabled controls to post, so having built-in script to disable/enable form and perhaps HtmlForm. DisableUntilLoadedCompletely boolean property to control this behavior, would be quite acceptable in case nothing better is found to solve it.

    Saturday, April 22, 2006 3:26 AM
  • User2146843441 posted
    Yes, we will look to include whatever the final solution is into the Framework in a future release. 
    Sunday, April 23, 2006 9:34 AM
  • User348597747 posted

    Wanted to weigh in here a bit.  I've had some problems and followed this thread - but my issues have manifested a little differently.

    I created a simple page with a bound drop down.  Then I was using that drop down to filter the contents of a datagrid.  I got everything up and running without issue. 

    Once I read up on master pages, I thought that would be cool so I built one and took my original page and set it up to work with my new master page.  Again, everything worked great.

    However (this is where things go wonky) I was messing around with site navigation on the Master page and ran into needing a runat=server form on the Master.  Well, once I added that, my dropdown/datagrid page would complain about having two forms.  No problem.  I just delete the form tag from the dropdown/datagrid page and left it in the master.   When the dropdown/datagrid page loads initially, everything is fine.  If I wait a while to make sure the form elements have loaded and then change the drop down to initiate a post back and re-filter the datagrid, I get the now emphamis MAC failed stuff.

    I added the line <page> attributes mentioned here to disable validation and the page no longer crashes - of course it no longer works either.  That's right, changing the drop down now initiates a post back but the new value is not selected in the drop down and the datagrid does not filter by the new selection.

    I went backward a few steps and removed the form tag from my master and put it on my test page and everything works again.  So, it seems clear that having the form tags in the Master was "causing" this issue.  Any thoughts or advice for me here.  I really like the navigation living in the Master page, but can't do that if it requires running at the server.

    Monday, May 1, 2006 12:19 PM
  • User768828829 posted

    I was also facing the same error. Please check http://support.microsoft.com/default.aspx?scid=kb;en-us;Q312906 

    It worked for me. It might work for you as well.

    Tuesday, May 9, 2006 3:57 AM
  • User815240350 posted
    I also had this problem today , I have found out that if you are using the atlas and have the scriptmanager  partialRendering option on True then the form will show you the error , if the option is false then i dont get the error and the page works fine

    Has any one else found this
    Tuesday, May 9, 2006 12:01 PM
  • User420127759 posted
    Here's an idea:

    http://lab.msdn.microsoft.com/ProductFeedback/ViewWorkaround.aspx?FeedbackID=FDBK45363#6

    Override the Page.Render method, and intercept the HTML that is being sent ot the browser.  Then, move the hidden input fields that you want to move to the top of the <form> tag using basic string manipulation.

    This code is from DNN and I haven't actually tested it, but it gives you the general idea of what I'm talking about.

            Protected Overrides Sub Render(ByVal writer As System.Web.UI.HtmlTextWriter)
                Dim stringWriter As System.IO.StringWriter = New System.IO.StringWriter
                Dim htmlWriter As HtmlTextWriter = New HtmlTextWriter(stringWriter)
                MyBase.Render(htmlWriter)
                Dim html As String = stringWriter.ToString()
                Dim aspnet_formelems(2) As String
                aspnet_formelems(0) = "__EVENTTARGET"
                aspnet_formelems(1) = "__EVENTARGUMENT"
                aspnet_formelems(2) = "__VIEWSTATE"
                For Each elem As String In aspnet_formelems
                    'Response.Write("input type=""hidden"" name=""" & abc.ToString & """")
                    Dim StartPoint As Integer = html.IndexOf("<input type=""hidden"" name=""" & elem.ToString & """")
                    If StartPoint >= 0 Then 'does __VIEWSTATE exist?
                        Dim EndPoint As Integer = html.IndexOf("/>", StartPoint) + 2
                        Dim ViewStateInput As String = html.Substring(StartPoint, EndPoint - StartPoint)
                        html = html.Remove(StartPoint, EndPoint - StartPoint)
                        Dim FormEndStart As Integer = html.IndexOf("</form>") - 1
                        If FormEndStart >= 0 Then
                            html = html.Insert(FormEndStart, ViewStateInput)
                        End If
                    End If
                Next
                writer.Write(html)
            End Sub

    Monday, May 22, 2006 10:26 AM
  • User2032526919 posted

    Moving the ViewState field is not an issue, it can be solved relatively easily but moving EventValidation field on beginning of the form is (since event validation data is gathered on render).

    There are a few solutions, but impact on performance is the biggest question in all of them.

    Tuesday, May 23, 2006 12:21 AM
  • User2146843441 posted
    We have looked at capturing all of the form output as well, but there are potential issues with both of these approaches with rendering delegates changing the order of the expected rendering.
    Tuesday, May 23, 2006 12:29 AM
  • User420127759 posted
    We have looked at capturing all of the form output as well, but there are potential issues with both of these approaches with rendering delegates changing the order of the expected rendering.


    Interesting.  This is true even *after* Page.Render has finished executing? My suggestion was to override Page.Render in your code-beside, then call Page.Render and let it finish executing.

    I assumed that once Page.Render had finished executing in its entirety, that the page was completely rendered and no more rendering delegates were going to be called.  Did I misunderstand something?
    Tuesday, May 23, 2006 9:18 AM
  • User2146843441 posted
    No, not if you capture all of the page output, but if you do it for the form.  Parsing all of the text of the page will have perf implications.
    Tuesday, May 23, 2006 1:53 PM
  • User420127759 posted
    No, not if you capture all of the page output, but if you do it for the form.  Parsing all of the text of the page will have perf implications.


    In the places where I work, if it's a tradeoff between performance and stability, stability wins.  If we have to pump in more hardware to get the performance up to par, we do so, or we figure out an alternate process that's not as demanding on our hardware.  But we'd never be able to simply sacrifice stability for the sake of performance.

    Others may be different, though.
    Tuesday, May 23, 2006 2:22 PM
  • User2146843441 posted
    This isn't a stability issue though.  It's a functional issue for which we need a solution in the Framework that works for everyone.  For many applications, the workaround is sufficient and they would not want a large perf hit.
    Tuesday, May 23, 2006 2:37 PM
  • User-1331076166 posted

    Have MS released a Fix for this yet?

    This is constantly happening on our production server and is totally unaccectable.

    We have tried disabling the eventvalidation but no luck.

    The error seems to appear when a visitor has been idle on our site for a long time, and then presses a specific button. What that button does, is redirect to another page. This also seems to happen only to certain users running IE.

    So it appears that it has nothing to do with the page not fully loaded, at least not in our case.

    Also, the page that causes the error (default.aspx) has no gridview or other databound-controls that are using the DataKeyNames property.

    Any help would be much appreciated!

     

     

     

    Thursday, June 1, 2006 4:08 PM
  • User-1331076166 posted

    We just had this error again.

    It happens everytime someone is idle on the default page, for the session to run out, and then presses a button.

    No proposed solutions are working for us.

     

     

    Saturday, June 3, 2006 11:51 AM
  • User-1349918189 posted
    I met the same problem(only in IE not in FireFox). I fixed it (or say covered it) by adding the validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" in  the <page> directive. Thank you!


    Monday, June 5, 2006 4:18 PM
  • User-909375315 posted

    I'm not sure the best place to jump in on this thread....so here I go.

    We've been experiencing this problem since we upgraded from 1.1. to 2.0 two months ago.   We turned off validation

    <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    which seems to have resolved most of the MAC failed errors but we still seem to get a few each week on our internet site.  The interesting thing is that, so far, these seem to predominately happen on Apple Mac clients though the browser they use varies, i.e. MSIE 5, Firefox, Safari (we capture client info for all errors so we can check this kind of stuff).  Probably just a coincidence but it's an interesting one  (and I cannot duplicate this error on my test Mac using Firefox, Safari or Opera).

    Tuesday, June 6, 2006 2:40 PM
  • User-1321719665 posted

    I've been having the MAC failure problem, but only with one page fortunately (a complicated one that takes a while to load, I'll keep this in mind in my design from now on). 

    I didn't really want to open this possible security hole for my site, but I had a bit of an idea.

    To minimize possible security problems, I simply created a new web.config file in the subdirectory with the page.  The only item in it is the entry to turn off viewStateEncryption.   

    Thus the problem was solved and viewstate encryption is only turned off for the two files in that subdirectory (of which that particular file was the only one using it, anyway).

    This seems to be the best way to solve this problem, with the minimum impact, at the moment.

    Monday, June 12, 2006 11:56 AM
  • User2032526919 posted

    I've been having the MAC failure problem, but only with one page fortunately (a complicated one that takes a while to load, I'll keep this in mind in my design from now on). 

    I didn't really want to open this possible security hole for my site, but I had a bit of an idea.

    To minimize possible security problems, I simply created a new web.config file in the subdirectory with the page.  The only item in it is the entry to turn off viewStateEncryption.   

    Thus the problem was solved and viewstate encryption is only turned off for the two files in that subdirectory (of which that particular file was the only one using it, anyway).

    This seems to be the best way to solve this problem, with the minimum impact, at the moment.

    You can also set it in @Page directive.

    <%@ Page Language="C#" ViewStateEncryptionMode="Never" EnableEventValidation="false" %>

    Tuesday, June 13, 2006 1:21 AM
  • User2146843441 posted
    I cringe at the prospect of simply turning off validation to avoid the longer load time issue.  What about the approach of including script that disables the post until all of the viewstate is loaded?  Does that not work?
    Tuesday, June 13, 2006 2:12 AM
  • User1885962467 posted

    I have a VS2005 web form which posts to a VS2003 web form on a different server (both W2003 advanced).

    The VS2005 web form has a <asp:button> tag on it which I put on there for testing.  It has no events, just a crosspost URL.  I don't use it any more, but if I delete it or even add a Visible="false" attribute, I get the "Validation of viewstate MAC failed" error!

    If I put the button back, everything works fine.

    It doesn't matter what directives I add to the page.

    The only other controls on the page are two hidden html <input> controls and a literal control.

    What's up with this?

    Thanks, Bill

    The form code is below.

    <%@ Page Language="VB" EnableEventValidation="false" EnableViewStateMac="false" ValidateRequest="false" ViewStateEncryptionMode="never"    AutoEventWireup="false" CodeFile="wfUserRequestOpener.aspx.vb" Inherits="wfUserRequestOpener" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Test</title>
        <script language=javascript>
        function submitForm(){
            window.document.frmApproval.action="http://test/vs2003webform.aspx";
            window.document.frmApproval.method="post";
            window.document.frmApproval.submit();
        }
        </script>
    </head>
    <body>
       <form runat=server name=frmApproval id=frmApproval
            action="http://test/vs2003webform.aspx" method=post >
        <div>
     <input type=hidden id=txtUserName name=txtUserName runat=server value="unm">
     <input type=hidden id=txtPassword name=txtPassword runat=server value="pwd">
           <asp:Button ID="Button2" runat="server" Text="ASP button with cross post"
           PostBackUrl="http://test/vs2003webform.aspx" />
        </div>
           </form>
        <asp:Literal ID="Literal1" runat="server" Text= "<script language=javascript>submitForm();</script>"></asp:Literal>
    </body>
    </html>

     

     

    Wednesday, June 14, 2006 12:05 PM
  • User2146843441 posted
    I suspect that the browser is sending cached data.  Try clearing your cache.
    Wednesday, June 14, 2006 12:35 PM
  • User1885962467 posted

    Thanks for the suggestion.

    I cleared the cache, but the error still occurs if I set the visible attribute of the asp:button in the source page to 'false'. 

    The target page is displayed without error if I set the visible attribute of the asp:button to 'true'.  I make no other changes to the page

    The target web site on the different server was created in VS2003.  The page retrieves the username and password from the request collection of the VS2005 web form and uses them to log in to a database and display data.  The data is displayed correctly even when I change it in the database.

    Also, I'm using the Response.Cache.SetCacheability(HTTPCacheability.NoCache) in the page - load event of the VS2005 source page.

    Could this be related to the target page being a VS2003 web form? 

    Thanks

    Wednesday, June 14, 2006 1:17 PM
  • User2146843441 posted
    Yes, the format of the viewstate serialization changed between v1.1 and v2.0.  That is the root of the problem.
    Wednesday, June 14, 2006 1:39 PM
  • User1885962467 posted

    I can't conceive of an explanation for the behavior I'm seeing.

    I have repeated the test alternately dozens of times and the behavior is identical.

    If I set the visible attribute = false for the asp:button, I get the error every time; otherwise, it works fine, every time.  I change nothing else.

    I have also noticed that I get this error every time if I move the Literal control within the </form> tag, and never if the Literal control is outside the form tag (and the asp:button is visible).  I have also done this alternately dozens of times.

    I can work around this in my application, for now, but I would be very interested in understanding what the heck is going on.

    Thanks for your help!

    -Bill

     

     

     

     

     

    Wednesday, June 14, 2006 2:53 PM
  • User-2108015924 posted

    This error can manifest itself due to another issue as well which I found out recently.

    On some browser implementations (in my case IE on a pocket PC iPAQ) a hidden field has a limited length, and can be fairly short.  This can cause viewstate, encrypted viewstate and eventvalidation hiddenfields to be truncated.  If any of those fields get truncated the error can be displayed.

    My current solution for the web app I'm building (to be viewed only on a PDA like a pocket pc) was to turn event validation off, which gets rid of one of the hidden fields.  Second, I stored the viewstate in the session which stopes the viewstate hidden field from being populated.  So far this has eliminated the proplem entirely, although there can be some issues when using the back button due to storing the viewstate in the session. 

     

    Thursday, June 15, 2006 1:38 PM
  • User2146843441 posted
    For mobile browsers that place limits like this you can switch from using the HiddenFieldPageStatePersister to the SessionPageStatePersister.  It will consume more server resources but minimizes the amount of state sent to the client.
    Thursday, June 15, 2006 2:16 PM
  • User-1092854931 posted
    This helped me without adding anything else:

    Validation of Viewstate MAC Failed
    Thursday, June 22, 2006 7:17 AM
  • User-2108015924 posted
    I just realized in asp 2.0 you can use the maxPageSateFieldLength attribute of the Pages element in the web config.  That will split the viewstate across multiple hidden fields if the content length is larger than maxPageSateFieldLength.
    Tuesday, June 27, 2006 1:25 PM
  • User-200495901 posted
    I too have run into this error, however I do not have a GridView.

    I'm using a FormView with a DataKeyName in it, it appears that the error isn't just GridView, probably all the ASP Views.

    what I'm doing is I'm designing where i have a form, it has on it a bunch of information it pulls from the database, one of which is a listing in a drop down of all image files that have yet to be checked (now they may be an actual image, a pdf, or a multitude of other files, but they are files nonetheless.

    on selecting one of them, all the information changes and a preview of the image (if it is one) shows in a box below that.

    I was just doing it and getting this error.

    I uploaded an image, and all of a sudden it worked fine, and now I can't get it to break again.

    I certified the image so that it wasn't in the listing anymore as to break it again, but it's not breaking.

    I did do the work around in the web.config, although I really hate the idea of just turning things off that are being used, although I guess that's the way it has to be done for now.

    Hope this helps

    If I can come up with anything else I'll let you guys know
    you can email me if you want
    jon.kress at globalmediaworks hyphen llc.com
    Wednesday, June 28, 2006 5:38 PM
  • User1885962467 posted

    If I include a asp:button in my form which crossposts to a (nonexistent) form, the error does not occur.

    I don't use this button to submit the page; in fact I hide it (but it can't have the visibility set to false).

    Having a button which crossposts creates a hidden field at the bottom of the page:

       <input type="hidden" name="_PREVIOUSPAGE" id="_PREVIOUSPAGE" value="xxxxx..." />

    I don't know why this matters, but simply including this button prevents the error.  I have tested it repeatedly.

     

    Friday, June 30, 2006 11:27 AM
  • User-287802332 posted
    Can You just set the controls to visible=false until the viewstate mac is valid?
    If so how would I do that in VB?
    I tried a few things to no avail.
    Friday, July 14, 2006 9:53 AM
  • User2146843441 posted
    You can still get the error on a cross-page post if all of the viewstate is not posted to the target page.  It would occur when you instantiate the PreviousPage.  Setting controls visibility will not workaround the issue as the viewstate still has to be validated.
    Friday, July 14, 2006 12:21 PM
  • User-287802332 posted
    "Setting controls visibility will not workaround the issue as the viewstate still has to be validated."

    Right so isn't there something i can do like  Sub ... on Viewstate.Validated then control.visible???
    Friday, July 14, 2006 12:50 PM
  • User1399040918 posted
    This probably won't be appropriate to most people, but I received the error because I had set CancelSelectOnNullParameter = False on the datasources for my gridviews (I have a page with 6 gridviews and search fields at the top of the page).

    I changed this back in the designer to True, and then I added some code to the postback section of my Page_Load event :

             if (!Page.IsPostBack)
             {

                         // ......etc
             }else{
                         sds1.CancelSelectOnNullParameter =
    false;
               // ......etc
             
            }

    Didn't have to change the web.config. Hope this helps someone else!

    Tuesday, July 18, 2006 6:05 AM
  • User-631442763 posted
    I received the same error. Strangely, it wouldn't show up in Firefox; only in IE. The page I was working with has had incremental upgrades and recently upgraded to .NET 2.0. The page has several panels (some controlled by a wizard, some stationary), a masterpage, several customized datalists (embedded controls), repeaters, etc. I realized one of the datalists had an unnecessary DataKeyName (after reading this post) and deleted it. After which, I received another error about EnableEventValidation="True" (which was missing on the page and web.config). Adding the directive to the page and setting to false seems to have 'fixed' the 'bug' from popping up, unfortunately, I am left without postback data checking. On the bright side, i built the data processing object in multiple teirs and inherently checks the data, so it may be a ok trade-off. Bryan
    Monday, July 31, 2006 12:01 PM
  • User1483626297 posted

    How do you turn off even validation?  I don't care much about security on my site.

    And I get this error after the page has fully rendered.  I'm using that Login feature, where it changes the value/link to login/logout.

    One thing I noticed (on view source) was this variable was huge, over 20,000 characters long.

     

    <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="vg0lZWr...20k characters

    Sunday, August 6, 2006 3:43 PM
  • User-125636336 posted

    I have read the full 6 pages (90 posts) and tried just about every single suggestion. nothing has fixed this error.

     My c# asp.net 2.0 website has not been upgraded from a 1.1 or 1.0 project. I built it from scratch, using 2.0 the whole time.

    The error I am getting is:

    The state information is invalid for this page and might be corrupted.

    and my current web.config file looks like this:

    <pages

    enableViewStateMac="false"

    enableEventValidation="false"

    viewStateEncryptionMode="Never"

    maxPageStateFieldLength="90"

    validateRequest="false" >

     

    The page(s) that produce this error are all on Firefox. I simultaneously run IE on the same pages to test things at the same time and find that IE has no conflicts whatsoever, these errors are occuring in Firefox

     I don't know what other information i can give to try and help my situation getting an answer on how to resolve this issue.

     any suggestions?

    Wednesday, August 30, 2006 7:59 PM
  • User988234007 posted

    Son of a gun.  I've been wrestling with this issue for days now, and I just figured out a way around it.  My web setup is a master page situation.  I was going from one page to the other via Server.Transfer.  On a whim, because I've tried everything else, I changed it to Response.Redirect and heaven opened up and the birds started to sing.  No more MAC error message. 

    Just something else to checkout.  I hope this saves someone else a few hours of frustration.

     Steve

    Monday, September 11, 2006 9:23 AM
  • User1947991157 posted

    TRY to put :

    <pages maxPageStateFieldLength ="10">

     ur problem might b solve ^^

    Friday, October 6, 2006 5:35 AM
  • User1754394156 posted

    Son of a gun.  I've been wrestling with this issue for days now, and I just figured out a way around it.  My web setup is a master page situation.  I was going from one page to the other via Server.Transfer.  On a whim, because I've tried everything else, I changed it to Response.Redirect and heaven opened up and the birds started to sing.  No more MAC error message. 

    Just something else to checkout.  I hope this saves someone else a few hours of frustration.

     Steve

    Well it sure did it for me. Tried all the other suggested solutions in vain. It would have taken me about 17 years or so to figure this one out. Thanks [:D] 

    Monday, October 9, 2006 5:24 PM
  • User-2108015924 posted
    Interesting.  I found that I had to change my Response.Redirect to Server.Transfer in order to solve the problem.  In our scenario we had a drop down box.  when the selected item was changed we did a response.transfer to a page based on the item selected.  We found that when using a pocketpc the viewstate MAC error manifested itself if the user clicked the back button.  The odd thing was that on desktop browsers we couldn't recreate the error.  Response.Redirect sends information to the browser which causes it to redirect to the url, which means behaviour could be browser specific, and obviously the browsers on the PDAs we were using are doing something strange (Peeking at the viewstate, it appears that the PDA browser is doing a post and posting the wrong viewstate - it should be posting the viewstate of the previous page).   Using server.redirect just changes the page context on the server so the browser has nothing to do with it, and behaviour is consistent through all browser implementations.
    Thursday, October 12, 2006 11:39 PM
  • User-125636336 posted

    this error seems to occur much more often, on our websites, when it involves postbacks on pages which are using fake urls.

    - fake url as in, the url you requested was www.site.com/a/s/d/f/page.html but the <form> postback url is defined as www.site.com/fakeurl_customhandlerpage.aspx

     

    however, it also occurs on pages with postback on 'normal' urls/pages... 

     

    sharing this info in hopes that perhaps this information will spark some insight into the underlying issue 

    Friday, October 13, 2006 1:08 AM
  • User-489399265 posted

    I hate to open up an old wound, but I was curious to know what was the best solution to this problem.

    I created a ASP.NET 2.0 web application and I am having a similar problem. Although I most saw I don't have "Validation of viewstate MAC failed' anywhere in my error I do have "The state information is invalid for this page and might be corrupted." Every solution that I see seems to point to this solution; http://support.microsoft.com/kb/323744. But I haven't deployed my app to anyserver and I am running it in VS 2005, on my local machine.

    Was there any solution to this problem?

    Tuesday, October 31, 2006 12:07 PM
  • User-893814430 posted

    Gang:

     

     

    Thursday, November 9, 2006 5:05 PM
  • User-315359434 posted

    Hi everyone!

     I am using asp.net base pages and recieving the same error message, I have searched a lot with one solution suggested through out being:

     <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    I tried this, but it didnt help me, because I think this was suggested for the fact that user clicks any link before the page being fully rendered. In my case its a bit different. I use an asp.net menu control which has catagories and subcats.  When i redirect through the menu, it gives that error.

    Now when I used the above in my web.config file, the error became random, it doenst give error on first time i clicked subcat from menu, but it did the 2nd or probably 3rd time, and this continue.

    Another thing, I am not sure about my webserver being a web farm/cluster, suppose if my server is a web farm, what should i do to remove this error.

    I tried it on another server and this error comes only ocationally, just when the page remained open for quite a while and then I used menu to redirect, it gives the same error, but it wouldnt give the error instantaneously just like it did on my server A.

     P.S: I also saw someone suggested the following which i need to be explained, if someone could:

    Another way to eliminate the Error, add this to your Button which triggers the Postback Event:

    <!--
    {\rtf1\ansi\ansicpg\lang1024\noproof1252\uc1 \deff0{\fonttbl{\f0\fnil\fcharset0\fprq1 Courier New;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0??;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;??\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;??\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;??\red192\green192\blue192;}??\fs20 \cf6 PostBackUrl\cf2 ="~/Warenkorb-cto0de.aspx"}
    -->

    PostBackUrl=”~/yoursite.aspx”

     

    In my case I dont have an asp.net button on the said page, plus what could be the explaination for that, and how can I use it.

     

    waiting for answer from any asp.net guru arround.

     

    regards

    Yasser khan

    Tuesday, December 12, 2006 9:42 AM
  • User-315359434 posted

    Hi everyone!

     I am using asp.net base pages and recieving the same error message, I have searched a lot with one solution suggested through out being:

     <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    I tried this, but it didnt help me, because I think this was suggested for the fact that user clicks any link before the page being fully rendered. In my case its a bit different. I use an asp.net menu control which has catagories and subcats.  When i redirect through the menu, it gives that error.

    Now when I used the above in my web.config file, the error became random, it doenst give error on first time i clicked subcat from menu, but it did the 2nd or probably 3rd time, and this continue.

    Another thing, I am not sure about my webserver being a web farm/cluster, suppose if my server is a web farm, what should i do to remove this error.

    I tried it on another server and this error comes only ocationally, just when the page remained open for quite a while and then I used menu to redirect, it gives the same error, but it wouldnt give the error instantaneously just like it did on my server A.

     P.S: I also saw someone suggested the following which i need to be explained, if someone could:

    Another way to eliminate the Error, add this to your Button which triggers the Postback Event:

    <!--
    {\rtf1\ansi\ansicpg\lang1024\noproof1252\uc1 \deff0{\fonttbl{\f0\fnil\fcharset0\fprq1 Courier New;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0??;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;??\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;??\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;??\red192\green192\blue192;}??\fs20 \cf6 PostBackUrl\cf2 ="~/Warenkorb-cto0de.aspx"}
    -->

    PostBackUrl=”~/yoursite.aspx”

     

    In my case I dont have an asp.net button on the said page, plus what could be the explaination for that, and how can I use it.

     

    waiting for answer from any asp.net guru arround.

     

    regards

    Yasser khan

    Tuesday, December 12, 2006 9:45 AM
  • User-893814430 posted

    Yasser:

    Wednesday, December 13, 2006 9:00 AM
  • User-893814430 posted

    Yasser:

    Wednesday, December 13, 2006 9:00 AM
  • User-1799349669 posted

    OK, I got the same error under different circumstances. I am using Ajax to dynamically display a list of text inside a Placeholder when a label is clicked. When the label is clicked it calls the javascript which calls a "blank" aspx page that creates the list and places it in the appropriate position in the placeholder. I got the error when I would click the label to display the text list (which worked fine) then click another button on the page that posts back to the server. Here's what I did to fix it:

    The markup for my "blank" page that creates the text list looked like this:

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ViewText.aspx.cs" Inherits="ViewText" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Untitled Page</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
       
        </div>
        </form>
    </body>
    </html>

     
    I got rid of the form and everything inside it an POOF, it worked. I know this isn't the problem alot of you are having but it took me forever to find this and I just wanted to put this out there for anyone else with the same problem.

     

     New "blank" page:

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ViewText.aspx.cs" Inherits="ViewText" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Untitled Page</title>
    </head>
    <body>
    </body>
    </html>
     

    Wednesday, December 13, 2006 10:34 AM
  • User-315359434 posted

    Hi! 

    Thanks for your answer, I queued all the workable work arrounds [:)] and already got it working with EnableViewStateMac="false" in pages tag in web.config file. But I am not satisfied with this work arround, because the drawback you mentioned is going to get into consideration very soon.

     Is there any other solution to it, because a stange thing i found is when I test it on another domain (not my server) it doesnt give error, even though I didnt disable viewstateMac. I contacted the technical person at my domain and asked them about the server, they said its a VPS server, I am new in these things so dont know whether a VPS server is actually a cluster server or not, and they didnt give me answer too when I asked whether our server is based on web farm or not, just said, its a VPS server.

    Can any one help me, suppose if its a web farm based server, I saw an article or two but not good engouh, if anyone can give me a link from where i could take help or guide me a bit.

     Thanks in advance

    Regards

    Yasser Khan

     

    Wednesday, December 13, 2006 10:37 AM
  • User866304822 posted

    I just realized in asp 2.0 you can use the maxPageSateFieldLength attribute of the Pages element in the web config.  That will split the viewstate across multiple hidden fields if the content length is larger than maxPageSateFieldLength.

     I just recieved this error in an application which has been running without error for many months. It turns out the hidden input field limitation was causing it and I just needed to add:

    maxPageStateFieldLength="5000"

    This solved the problem in IE, have not yet tested other browsers.

     The other solutions also worked but turning off event validation and viewstateencryption was not necessary. 

    <pages validateRequest="false" maxPageStateFieldLength="5000"><!--viewStateEncryptionMode="Never" enableEventValidation="false"-->

     

    Hope this helps someone....

    Andrew 

     

     

     

     

    Friday, December 15, 2006 4:16 PM
  • User-315359434 posted

    Well I have been looking into this for a while now, and found few of the solutions that could be checked (A lot help from previous pages of this thread). I will try to summerize it for those who are getting this error. Also I found that the cause of this error could be more then one I will try to summerize that too. I am very inexperience and very young in this field so if any of the experience guys find anything wrong in it, I will be obliged for their correction and guidence.

    Causes: 

    1.  If your page has some heavy controls like data grid that takes a while to render. or even sometimes without that, you try to postback again before the page has fully rendered, you will get this error.

    • Suggestion1: Either try to lock all the controls on the form so that no one can click any control unless the whole page is rendered.
    • Suggestion2: In the pages tag of web.config file add <pages enableEventValidation="false"/> or if it still persists use <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />.
    • Suggestion3: Check the post of jbeall under the heading Another workarround in this same thread Page4. Following is the link to it. http://forums.asp.net/4/1494515/ShowThread.aspx 

    Note: You might get Parser Error Message: Unrecognized attribute 'enableEventValidation'. Note that attribute names are case-sensitive error if you try the above suggestion2, the reason might be an older version.
     

    2. Some times, you get the same error even if allow the whole page to load completely and then click to post back to another page, you get the same error, you try the above solution and it doesnt work. (I managed to solve this in two ways and I will try to tell both)

    • Suggestion1: I got the it sorted by putting <pages  EnableViewStateMac="false"/>. in the web.config. But this has its own shortcommings, that could be found in this link.
    • Suggestion2: Another thing that worked for me was adding the machine key attribute in the web.config file with the following:

    <pages enableViewStateMac="true" viewStateEncryptionMode="Always">

    <machineKey validation="SHA1" decryption="AES" validationKey="use any valid key" decryptionKey="Use valid key here"/>

    The following link might help you about the machinekey and a module about how to generate the validation and decryption key. http://msdn.microsoft.com/en-us/library/ms998288.aspx

     Note: This suggestion is addressing those who uses web farm for their web server. But I think its worth trying even if you are not on a web farm.

    3. There are some other ways that worked for some people, some of them are here:

    • For some, they have duplicate form tag in the page, removing the duplicate sorted it out.
    • For some, using maxPageStateFieldLength="10" (not sure whats the ideal length to work), sorted the problem. This will split the viewstate across multiple hidden fields if the content length is larger than maxPageSateFieldLength.
    • For some replacing server.transfer by response.redirect also worked. or vice versa. (Not sure why [:D] )
    • For some, problem eliminated by adding this to your Button which triggers the Postback Event:

      <!--
      {\rtf1\ansi\ansicpg\lang1024\noproof1252\uc1 \deff0{\fonttbl{\f0\fnil\fcharset0\fprq1 Courier New;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0??;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;??\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;??\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;??\red192\green192\blue192;}??\fs20 \cf6 PostBackUrl\cf2 ="~/Warenkorb-cto0de.aspx"}
      -->

         PostBackUrl=”~/yoursite.aspx”

    I hope any of the above works for those who are frustrated with this error like me and want it to be removed quickly.

    Saturday, December 16, 2006 1:24 AM
  • User-1789326781 posted

    I was having this problem on a page. The solution was enableEventValidation="false" and viewStateEncryptionMode ="Never" at the page level.

     I'd like to point out that I was ONLY seeing this error on IE. Firefox seemed to work just fine.

     Everything below is prure speculation:

    Since we all know that viewstate is saved in hidden input elements, and that this error can relate to a corrupted viewstate, or one not signed with the same cipher-key. I wonder if the fact that IE causes this error and Firefox doesn't could have something to do with IE having a maximum string length for the value of a hidden input element, and Firefox not having that restriction. A overflow on the max size would result in a truncated viewstate which wouldn't validate against the checksum.


    I've got to admit that this has me pretty worried. Disabling event validation might just surpress the error message and not actually solve the root of the problem. Ergo the page might be using garbage data from a corrupted/truncated viewstate. Not too mention that sql injection is much easier when using unencrypted viewstates.
     

    Monday, December 18, 2006 2:33 PM
  • User219851468 posted

    Well everyone,

     

    i have read alot of posts within this post and i rectified the problem by removing the validatio controls that .NET 2.0 and visual studio offer.

     

    Thats all.... not really happy about it and will do some more testing before i give up using it and do real postback validation but that was my fix.

     

    Ilan
     

    Monday, December 25, 2006 9:35 AM
  • User1549215488 posted

    I just got a user that got this error message, and found this thread.

    I have not had a chance to look into any of the mentioned solutions, but hope that something here will help solve my problem.

     

    My reason for adding to the post, is that according to the error message my user got, their browser was Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3.

     
    So it doesn't appear to always be a IE issue, because I just had a Safari user with an issue.  Then again, I have a user in my office with a Mac, and I had him play around on the site with both the Mac install of FireFox and Safari and could get it to crash...
     

    Thursday, January 18, 2007 10:22 AM
  • User-1049287122 posted
    I'm getting the same error message if my Internet connection is slow (in fact I have packet loss) I don't have any of those controls  , just to let you know and any idea about this??
    Monday, February 5, 2007 9:48 AM
  • User-1049287122 posted

    and it only happens w/ firefox, so  the situation is exaclt y like this :  I can open the same page sometimes but some other times it gives me this error message

    its driiving me crazy ms fans where are you 

     

    Monday, February 19, 2007 7:17 AM
  • User-1428145980 posted
    Are you using WS2K3?  If so, I have resolved this issue by changing the IIS metabase configuration AspMaxRequestEntityAllowed to a higher value.  Let me know if this resolves the issue for you.
    Monday, February 19, 2007 3:30 PM
  • User-1049287122 posted
    It's shared hosting , I don't know what the OS , btw  I m getting the same problem also with other pages for example login screen :2 textboxes
    ,
    Wednesday, February 21, 2007 2:28 PM
  • User1001125431 posted

    Refer this post

    http://forums.asp.net/thread/1593735.aspx

    Sunday, February 25, 2007 12:08 PM
  • User-758987254 posted

    Hi,

    I'm getting the "State information is invalid for this page.." error in my 2.0 application.

    Here's the stack trace...

     [FormatException: Invalid character in a Base-64 string.]
       System.Convert.FromBase64String(String s) +0
       System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +72
       System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) +4
       System.Web.UI.ClientScriptManager.EnsureEventValidationFieldLoaded() +172

    [ViewStateException: Invalid viewstate.
     Client IP: 127.0.0.1
     Port: 2457
     User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
     ViewState: /wEWDgKz9/rICwLHutD+CALGutD+CALFutD+CALEutD+CALDutD+CALCutD+CAL+zqO2BAKumt/pCgL02IbADwKWhp0xAuPlhaEKAvqd16YFAsj85wu966nOH49x5xVsDPbw+2SXIE3TZQ==,/wEWDQLRvFYCq4qqrQMCqoqqrQMCqYqqrQMCqIqqrQMCr4qqrQMCroqqrQMCguTXuwkCk63+wAgC9prE2g8Cy667vQ8C/+PXuwkCgOTXuwlXy+nJ0a/ojzAh+hTsZyZqtxcwPw==
     Referer: http://localhost/HealixScreening/PrepareScreening.aspx
     Path: /HealixScreening/PrepareScreening.aspx]

    [HttpException (0x80004005): The state information is invalid for this page and might be corrupted.]
       System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +116
       System.Web.UI.ClientScriptManager.EnsureEventValidationFieldLoaded() +209
       System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument) +67
       System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument) +106
       System.Web.UI.WebControls.DropDownList.LoadPostData(String postDataKey, NameValueCollection postCollection) +55
       System.Web.UI.WebControls.DropDownList.System.Web.UI.IPostBackDataHandler.LoadPostData(String postDataKey, NameValueCollection postCollection) +11
       System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad) +408
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
       System.Web.UI.Page.ProcessRequest() +86
       System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
       System.Web.UI.Page.ProcessRequest(HttpContext context) +49
       ASP.preparescreening_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\healixscreening\0d563ebe\185d18e6\App_Web_preparescreening.aspx.cdcab7d2.e8k4sb1d.0.cs:0
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

    So I looked in the source of the rendered page, and there are 2 __EVENTVALIDATION fields.

     ...

    <div>

     <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWDgKz9/rICwLHutD+CALGutD+CALFutD+CALEutD+CALDutD+CALCutD+CAL+zqO2BAKumt/pCgL02IbADwKWhp0xAuPlhaEKAvqd16YFAsj85wu966nOH49x5xVsDPbw+2SXIE3TZQ==" />
       
        </div>
       
    <div>

     <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWDQLRvFYCq4qqrQMCqoqqrQMCqYqqrQMCqIqqrQMCr4qqrQMCroqqrQMCguTXuwkCk63+wAgC9prE2g8Cy667vQ8C/+PXuwkCgOTXuwlXy+nJ0a/ojzAh+hTsZyZqtxcwPw==" />
    </div></form>

    ...

    I have increased the maxPageStateFieldLength property in case that was forcing the creation of 2 fields, but with no luck.

    I'm not even sure that's the real problem as the error seems to be [FormatException: Invalid character in a Base-64 string.]

     Any help would be really appreciated.

     Thanks

     Chris

    Monday, March 5, 2007 6:59 AM
  • User-758987254 posted

    Further to my last post, I've added the following to the web.config

     viewStateEncryptionMode="Never" enableEventValidation="false"

    and now, I only get 1 __EVENTVALIDATION field in the source.

    <div>

     <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWDgKz9/rICwLHutD+CALGutD+CALFutD+CALEutD+CALDutD+CALCutD+CAL+zqO2BAKumt/pCgL02IbADwKWhp0xAuPlhaEKAvqd16YFAsj85wu966nOH49x5xVsDPbw+2SXIE3TZQ==" />
        
    </div>

    which seems to have solved the problem, but obviously it's not as secure as it should be.

    Any ideas?

    Chris

    Monday, March 5, 2007 7:08 AM
  • User759401241 posted

    Well, I killed this day in fight with this problem, and indeed came to conclusion that there is some problem with ViewState length.

    My solution was quite simple (after playing with mentioned above solutions that each having some drawbacks) - I have a custom view state manager, written by myself, which, for example, allows to compress view state or even save it on server. After enabling the compression of view state (which decreased its size for just about 10%, nothing to be happy about) the problem vanished. The view state manager is writing view state into different hidden field, so probably there is a bug in standard ASP.NET view state saving/loading procedure.

    I hope this will help. 

    Dmitry.

    Monday, April 2, 2007 10:07 AM
  • User717684155 posted

    I ran into this same problem.

    I haven't read all of the other postings, but our problem turned out to be a second form tag nested within the first.  This was an ASP 2.0 site with AJAX installed.

     Problem solved

     Palm Beach Software Design, Inc

    http://www.PalmBeachSoftware.com

    Wednesday, April 25, 2007 5:16 PM
  • User-72533834 posted

    Problem: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

     

    I was using a Repeater with Ajax Button.  The problem was we had URL Rewriting and were using an Actionless Form.  Instead of removing the action attribute, we added

    writer.WriteAttribute("action", HttpContext.Current.Request.RawUrl);

     which seems to be fixing the problem.
     

    Wednesday, April 25, 2007 8:15 PM
  • User-1513150803 posted

    Hi All,

    I have been working on this problem for a couple of days now and am in the process of testing a working theory that I have on the cause.  I will post an update as soon as I have proof of a workaround later today (30 Apr 2007) 

    If you are still seeing this message "The state information is invalid for this page and might be corrupted" and the following statements are true, read on: 

     * If your application is hosted by a Web Farm / cluster AND

     * you have ensured that the machine keys on all the machines are the same

     * you are running a .NET 2.0 web site and not a web application.  (See here for explanation of difference) I emphasise web site because this is the scenario that can cause the error

     

    check the entire stack trace and look for an exception that mentions: Could not load file or assembly 'App_Web_xxxxxx, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.] (where 'xxxxxx' is random)

    One subtle possible cause for this problem is likely by putting custom types in the viewstate on a web-farm for .NET 2.0 web site. ASP.NET 2.0 web sites are compiled on the web server as the source is deployed with the project (see above hyperlink for explanation).  The resulting assembly files are randomly named.  If you happen to have a custom enum (or any custom type for that matter) that is stored in the viewstate of on one of your pages, e.g.

     enum WeekDays {Sun=1, Mon=2, Tue=3, Wed=4, Thu=5, Fri=6, Sat=7};

     even though this enum is based on an int, if you do the following on your page:

    ViewState("myWeekDay") = WeekDays.Sun

    you will effectively be serialising the WeekDays type into the viewstate. Note that this serialisation will include the assembly name e.g App_Web_asdfghh (the randomly generated one that was generated when your site compiled on first run).  Now when your load balancer / cluster directs the client browser to any other server in the cluster, that server will try to de-serialise the viewstate.  The problem is that server will have NO KNOWLEDGE OF App_Web_asdfghh because its own version of that assembly will have been compiled with a completely different random name, and it will not be able to de-serialise the viewstate, hence the message:

    The state information is invalid for this page and might be corrupted

    To get around this problem, AVOID PLACING custom types into the viewstate.  For the scenario above, the WeekDays enum is based on an int, so this may be preferable:

    ViewState("myWeekDay") = (int)WeekDays.Sun

    For more complex custom types, these will need to be moved into a seperate class library project that is pre-compiled before deploying to the web-servers.  This way, it can be ensured that every web server has a copy of the same assembly and that the assembly has the same name!  Try to avoid creating custom types in your App_Code or any of your web site files.  Rather create custom types in their own project to be compiled into a seperate assembly.

    Second post confirming this to follow shortly.
     

    Monday, April 30, 2007 5:14 AM
  • User-1513150803 posted

    I can confirm that my post at 04-30-2007 10:14 AM has resolved the problem for me.

    WebSite Projects generate randomly named runtime assemblies and any types in these assemblies usually cannot be passed around servers in a Web Farm because the random names for the assemblies are different on each server.

    Tuesday, May 1, 2007 4:05 AM
  • User-841356318 posted

     I wanted Microsoft to know about the problem we are having with this site.

    The error I'm getting is this: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. 

    I have a very basic aspx page. I do not have any controls apart from some text boxes and just one form. I get this error when I leave the page idle for long. I do not think it occurs when session expires because I made the session timeout for 1 min, but still it occurs when I leave the page idle for more than 20 minutes... any clue whats going on?

    I have tried this in the web.config file:

          <system.web>

                <pages enableEventValidation="false" enableViewStateMac="false" viewStateEncryptionMode ="Never"  smartNavigation="false" />

    This works on our development machine (2003, IIS6 & .Net 2.0), but fails on our shared server (2003, IIS6 & .Net 2.0).

    Would like to find an answer soon.

    Steven

    Wednesday, May 16, 2007 6:29 PM
  • User-466949040 posted

    I had the same problem.

    In my case it was due to my web page containing two tags <form>

    Can you verify if you have more than one of these tags? if it's the case remove the redundant forms tags

    Regards
     

    Friday, May 18, 2007 12:04 PM
  • User-841356318 posted

     

    I searched the form and only found one <form>.  Thanks for answering it though.
    Friday, May 18, 2007 1:37 PM
  • User230182294 posted

    Hello, I already set the EventValidation as "false", the same exception still occurs. Why?

    <%@ page language="C#" autoeventwireup="true" inherits="Adimin_InputNews, App_Web_3otgz97f" validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" %>
    <%@ page language="C#" autoeventwireup="true" inherits="Adimin_InputNews, App_Web_3otgz97f" validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" %>

    Monday, May 21, 2007 1:23 AM
  • User-426175303 posted

    What about an usercontrol with outputcache? I get this every time when clicking button (which posts back to another page) inside cached user control.

    Thursday, May 24, 2007 10:03 AM
  • User390449784 posted

    I am getting the same error. I am using ASP.NET with AJAX. I have one update panel on the page and EnablePartialRendering is set to true in the script manager. What is interesting is that this only seem to happen with IE and after the session times out. Setting the maxPageStateFieldLength solves the problem but I am not very confortable with it because it is not a good explanation of why it is solving it. Can anybody give me some confort as to why this would work?

     Thank you,

     Yves

    Thursday, May 24, 2007 4:52 PM
  • User-1846563363 posted

    I changes the Page Attribute but didnt succeed.

    I am still getting the same error when my system remains idle for 30-35 minutes,

    so ultimately session expires and while clicking on any link of the page it doesnt redirect to guest console, but instead it crashes application and throws this error

    Please Help me ... 

    Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

    Thursday, May 31, 2007 7:22 AM
  • User-1140432591 posted

    i have the same problem,i done all the instructions givrn in this forum topic but the problem remain the same that no event of linkbuttons or buttons called and mac fac error ocurrrrrrrrreeeeeeeeee.plzzzz help its urgant

    Tuesday, June 5, 2007 11:58 PM
  • User-222176354 posted

    Howdy, 

    Yee Haw, I got mine fixed ....

    "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and valiation algorithm. Auto Generate cannot be used in a cluster."

    Im Using:  Web Devoloper Express 2005 Ver 8.0.50727.762,  ASP.NET 2.0 ver 2.0.50727 , AJAX 1.1, SQL Server 2005 Express.

    My Code:  Im using AJAX placeholder to contain another placeholder that dynamically loads web user controls.  What was causing my error was a gridview bound to a Object Data Source placed on a web user control that was loaded into the placeholder.  I was getting this error locally not using IIS.

    Fix 1:  Removing the AJAX placeholder fixed it.  (But I really wanted to use AJAX).

    Fix 2:  By turning the gridview property "AutoGenerateColums" property to TRUE.  Then it worked fine.  When it was set to FALSE (so I could customize my grid) it causes the error.  I'm still trying to figure out a way to get the columns I need to not show with this.  

    EDIT:  And here is another fix.  (I don't know how I missed this earlier while searching)

    http://aspadvice.com/blogs/joteke/archive/2006/02/02/15011.aspx

    Basically setting "<pages enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false"/> " on my page in the AJAX handler fixed this.  Now I just need to read up on the security precautions with it.

     My appologies if this was mentioned somewhere earlier and I missed it.

    HTH, 

    Doody

    Friday, June 8, 2007 1:28 PM
  • User753397798 posted

    I fought with this problem for about five hours yesterday, and the maxPageStateFieldLength seems to be working... unfortunately, we just had a website encounter the same issue, and it's .NET 1.1, which doesn't have that particular field. Does anyone know of a good 1.1 fix? 

    Tuesday, June 12, 2007 10:13 AM
  • User-1140432591 posted
    <?xml version="1.0"?>

    <configuration>

    <configSections>

    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

    <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

    <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />

    <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">

    <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere" />

    <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />

    <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" />

    </sectionGroup>

    </sectionGroup>

    </sectionGroup>

    </configSections>

    <appSettings>

    </appSettings>

    <system.web>

    <customErrors mode="Off" />

     

    <
    pages enableViewStateMac="false" viewStateEncryptionMode="Never" enableEventValidation="false" >

    <controls>

    <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    </controls>

    </pages>

    <machineKey validation="SHA1" decryption="AES" validationKey="21986A8BD360911A892ADA3AB237832E21951205D7802BF2B49FBFE9D0C5A41C451E518A23518D189493F727F2E138E73EE7E9B1F884563232B755FF41F1C8" decryptionKey="A9C0435F27C40E840A4D9DFE41BC8A669B29F592E4C4C24539A35BD41697EBEA" />

    <compilation debug="true" strict="false" explicit="true">

    <assemblies>

    <add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    </assemblies>

    </compilation>

    <httpHandlers>

    <remove verb="*" path="*.asmx" />

    <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" />

    </httpHandlers>

    <httpModules>

    <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    </httpModules>

    </system.web>

    <system.web.extensions>

    <scripting>

    <webServices>

    <!-- Uncomment this line to customize maxJsonLength and add a custom converter -->

    <!--

    <jsonSerialization maxJsonLength="500">

    <converters>

    <add name="ConvertMe" type="Acme.SubAcme.ConvertMeTypeConverter"/>

    </converters>

    </jsonSerialization>

    -->

    <!-- Uncomment this line to enable the authentication service. Include requireSSL="true" if appropriate. -->

    <!--

    <authenticationService enabled="true" requireSSL = "true|false"/>

    --><!-- Uncomment these lines to enable the profile service. To allow profile properties to be retrieved

    and modified in ASP.NET AJAX applications, you need to add each property name to the readAccessProperties and

    writeAccessProperties attributes. -->

    <!--

    <profileService enabled="true"

    readAccessProperties="propertyname1,propertyname2"

    writeAccessProperties="propertyname1,propertyname2" />

    -->

    </webServices>

    <!--

    <scriptResourceHandler enableCompression="true" enableCaching="true" />

    -->

    </scripting>

    </system.web.extensions>

    <system.webServer>

    <validation validateIntegratedModeConfiguration="false" />

    <modules>

    <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    </modules>

    <handlers>

    <remove name="WebServiceHandlerFactory-Integrated" />

    <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    </handlers>

    </system.webServer>

    </configuration>

    Thursday, June 14, 2007 8:38 AM
  • User348766459 posted

    I fixed this problem.

     It appears I have one aspx file calling another aspx file with Server.Execute (I was mergin content from two pages). Since both aspx files have "form" tags, resulting page would contain 2 form tags and this was the reason for error.

    After I removed call to Server.Execute the problem gone.

    Sleeping Dude

    Friday, June 15, 2007 3:44 PM
  • User-336264897 posted

    I built a webform with an ajax timer on it that fires every 1 second.  This worked great, no issues whatsoever in IE and FireFox, BUT my boss just downloaded the new Safari Beta3 for Windows and I keep getting this error: "Validation of ViewState Mac failed".  Did some searching and found this page: http://aspadvice.com/blogs/joteke/archive/2006/02/02/15011.aspx (which loops back to this thread)

    The suggestion in the post actually did not work for me, i had to go the extra step posted by one of the commenters and an additional value:

     <pages enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false" />

     

    I then played around with it, and was able to remove the viewStateEncryptionMode value.  I dont have any data controls on my page, so I am a little confused as to why this is happening, and also why is it only happening in Safari Beta3 for Windows.  Safe to blame a beta product?

    Monday, June 18, 2007 9:55 AM
  • User1807615837 posted

    May be it is a little bit tricky, but it might be possible to disable the buttons after the first click. It should work by adding the javascript event onclick which calls a function that disables the button. So the impatient user won't get the chance to click again. I will try this.

    Wednesday, June 20, 2007 2:16 AM
  • User628908224 posted

     I believe the problem that everyone is having is because they use ajax to get the data on the first request. I dont. I do it the regular .net way. Then....for example....say someone pages to the next page......that would be my first ajax.net request.

     So that way, if someone hits refresh, you dont get that javascript popup.
     

    Monday, June 25, 2007 11:54 AM
  • User-850127045 posted

    I have this problem and I don't understand how to get rid of it.  I'm not doing anything complex.  I have spent over a week on the problem of trying to create a page post dynamically and send it off to a new page....  I don't understand why this is happening  I'm using Javascript to do this exact has specified in Microsoft's own MSDN support KB on this.  This is my webpage right before it "auto" submits itself using the javascript method specified by KB 810218.  http://support.microsoft.com/kb/810218

     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head><title>
     MyCart Post
    </title></head>
    <body>
            <form name="form1" method="Post" action="Spost.aspx" id="form1">
    <div>
    <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTUyNzUzNTM5OA9kFgICAw8WAh4GQWN0aW9uBTRodHRwOi8vd3d3LnNhbGVzY2FydC5uZXQvc3RvcmVmcm9udC9zY3NlcnZlc2hvcC5hc3B4ZGRxghtl3cKqY9mMd+JKIWUFp/J1iQ==" />
    </div>


    <script type="text/javascript">
    <!--
    function submitmyform() {
    document.forms[0].action = "http://www.something.net/storefront/sshop.aspx" ;
    document.forms[0].submit();
    };
    // -->
    </script>

            <div>
               
            </div>
            <input type="hidden" name="ClientDomain" id="ClientDomain" value="temp3.something.com" ></form>
    </body>
    </html>

     

    As soon as I add the following additional javascript line to autopost this it fails with the viewstate MAC error on a totally different server in a different state. 

    <script type="text/javascript">
    <!--
    function submitmyform() {
    document.forms[0].action = "http://www.something.net/storefront/sshop.aspx" ;
    document.forms[0].submit();
    };
    document.body.onload=submitmyform;
    // -->
    </script> 

     

    Thursday, June 28, 2007 6:31 PM
  • User-850127045 posted

    Ok, this fix worked for me on the server side.

    EnableViewStateMac = "false"

    Thursday, June 28, 2007 9:23 PM
  • User1205226109 posted

    I encountered this error when a web server was rebooted overnight.  A user who had a page open overnight got this error when he came in the next morning and clicked on a button.  To fix this problem, I used GenerateMachineKey and added a <machineKey> element to web.config. 

    Thursday, July 12, 2007 4:26 PM
  • User825879694 posted

    The problem for us was that the __EVENTVALIDATION hidden field (used by <pages  enableEventValidation="true") and the __VIEWSTATEENCRYPTED hidden field (used by <pages viewStateEncryptionMode ="Auto") are written at the end of the page.  The __VIEWSTATE hidden element, on the other hand, is written at the beginning at the page.  When you cause a postback before the bottom elements are fully loaded, the server cannot validate events or decrypt viewstate and throws an error.

    Rather than disabling these features in the web.config, we can change the page rendering to put them in front of the main __VIEWSTATE element.  You can do it by overriding the Render method of the page or using an HttpModule.  That fixed our problems. Here's the code example:

     

            protected override void Render(HtmlTextWriter writer)
    {
    // move the Event Validation and Viewstate Encryption fields from the bottom to the top,
    // right in front of the VIEWSTATE hidden field
    // This fixes viewstate validation errors with submitting postbacks before a page is fully loaded.
    System.IO.StringWriter stringWriter = new System.IO.StringWriter();

    HtmlTextWriter htmlWriter = new HtmlTextWriter(stringWriter);
    base.Render(htmlWriter);

    string pageHTML = stringWriter.ToString();
    int viewStateStartPoint;

    int eventValidationStartPoint = pageHTML.IndexOf("<input type=\"hidden\" name=\"__EVENTVALIDATION\"");
    if (eventValidationStartPoint >= 0) {
    int eventValidationEndPoint = pageHTML.IndexOf("/>", eventValidationStartPoint) + 2;
    string eventValidationViewstateInput = pageHTML.Substring(eventValidationStartPoint, eventValidationEndPoint - eventValidationStartPoint);
    pageHTML = pageHTML.Remove(eventValidationStartPoint, eventValidationEndPoint - eventValidationStartPoint);
    viewStateStartPoint = pageHTML.IndexOf("<input type=\"hidden\" name=\"__VIEWSTATE\"");

    if (viewStateStartPoint >= 0) {
    pageHTML = pageHTML.Insert(viewStateStartPoint, eventValidationViewstateInput);
    }
    }

    int viewStateEncryptionStartPoint = pageHTML.IndexOf("<input type=\"hidden\" name=\"__VIEWSTATEENCRYPTED\"");
    if (viewStateEncryptionStartPoint >= 0) {
    int viewStateEncryptionEndPoint = pageHTML.IndexOf("/>", viewStateEncryptionStartPoint) + 2;
    string viewStateEncryptionInput = pageHTML.Substring(viewStateEncryptionStartPoint, viewStateEncryptionEndPoint - viewStateEncryptionStartPoint);
    pageHTML = pageHTML.Remove(viewStateEncryptionStartPoint, viewStateEncryptionEndPoint - viewStateEncryptionStartPoint);
    viewStateStartPoint = pageHTML.IndexOf("<input type=\"hidden\" name=\"__VIEWSTATE\"");

    if (viewStateStartPoint >= 0) {
    pageHTML = pageHTML.Insert(viewStateStartPoint, viewStateEncryptionInput);
    }
    }

    // write the fixed HTML writer.Write(pageHTML); }

     

    Hope this helps,

    Lev

     

    Tuesday, August 14, 2007 2:44 PM
  • User2032526919 posted

    Not bad. When I had discussion with MattGi on Finnish Devdays (it was over a year ago) about this issue and what they could do about it, they had thought this hidden field moving too as a solution, but I think it didn't perform too well for their case. E.g they weren't sure about the performance. Did you do any perf testing?

    Edit: One could use that nicely with a PageAdapter.

    Tuesday, August 14, 2007 3:04 PM
  • User-763686894 posted

    I realize this is an older thread; but I beg to differ with an earlier post.  In testing, I wait until the page loads completely and still receive this error.  I have a project that's a hybrid of classic ASP and ASP .Net 2.0.  My ASPX pages suffer this error only when I sit on the page for too long (almost like a session timeout).  Has anyone recently encountered this error under circumstances similar to me?

     

    I have the following in web.config:

      

    <configuration>
      ...
      <appSettings>
    
        <add key="CompanyName" value="***"/>
        <add key="ApplicationName" value="***" />
    
        <add key="LCID" value="1033"/>
        <add key="PageSize" value="20" />
         </appSettings>
      <system.web>
        <customErrors mode="Off"/>
        <compilation debug="true"/>
        <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" enableViewStateMac="false"/>
        <sessionState mode="InProc" cookieName="RMS" timeout="240" />
      </system.web>
    
     

     

    Tuesday, August 14, 2007 11:00 PM
  • User-576999009 posted

    I have similar error too, but weird thing is: all the on-site users got no error, except one of the remote users. And the frustration is I cannot duplicate this error on any one of the on-site machines. Any suggestions would be appreciates.

    Wednesday, August 15, 2007 3:18 PM
  • User910857034 posted

    Hi All,

    I was searching information on this forum because I had the popup message "The state information is invalid for this page and might be corrupted" on a page in my web site. Maybe the solution i've found can help someone. (I use ASP.NET 2.0, VS2005, and my pages have a MasterPage)

    This page contain 2 gridview with dataKeynames and a DetailsView. When I click on a ButtonField in the first gridview, it populate some infos in the second gridview. Then, when I click a ButtonField in the second GridView, it shows some infos in the DetailsView.

    The first time I click on first gridview and second gridview, everything is ok. Then, if I try to click another record (ButtonField) in the first or second GridView, I get the error message until I reload the page. The problem was that the 2 GridView had EnableViewState="false". After changing EnableViewState to True in the second GridView, i've never had again this error.

    In the Web.config, i have the following declaration:

    <pages theme="Default" viewStateEncryptionMode="Always" maxPageStateFieldLength="1024">

    and in the page's code, i have :

    protected void Page_PreInit(object sender, EventArgs e)

    {

    Page.ViewStateUserKey = Page.User.Identity.Name + Session.SessionID;

    }

    Thursday, August 16, 2007 3:29 PM
  • User900008428 posted

    Hi everyone 

    i am facing following problem when i am upoading .jpg file on server after uploaded successfully , binding  data (uploaded  file name , reason to be file upload) to the gridview.

    Validation of viewstate MAC failed / The state information is invalid for this page and might be corrupted

    please intimate me as soon as possible .. 

    Advance Thanx and Regards

     Jignesh Patel

     

    Sunday, August 19, 2007 6:16 AM
  • User210533354 posted

    I've just stumbled upon this problem myself  and then discovered this marvelous discussion.

     Can anyone think of a reason why the following technique won't enable/disable viewstate and viewstatemac globally and by page? I'm afraid to try it in production until someone who knows more than me considers it, but it seems to work in development.

    1. In web.config at the entry

    <system.web>
        <pages enableViewState="false" enableViewStateMac="false" />

     2. On any page that still needs viewstate for some reason change the header to

    <%@ Page Language="C#" AutoEventWireup="true" EnableViewState="true" EnableViewStateMac="true" ...

    Is there anything else I need do or are there demons here I'm not seeing?

    Dave Barkley

    Wednesday, August 22, 2007 2:30 AM
  • User1452541267 posted

    put this in the META in your masterpage, or *.aspx

    <meta http-equiv="Page-Enter" content="RevealTrans(Duration=0,Transition=0)" />

    it works fine for me

     

    Wednesday, August 22, 2007 4:25 AM
  • User-1329334484 posted

    I am getting this error when clicking the 'buy' button. also my modal popup does not work (corrupted state message) when i have that code on the page:

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">

    <input type="hidden" name="cmd" value="_xclick"/>

    <input type="hidden" name="business" value="sample@sample.com"/>

    <input type="hidden" name="item_name"

    value="Item Name Goes Here"/>

    <input type="hidden" name="item_number"

    value="Item Number Goes Here"/>

    <input type="hidden" name="amount" value="100.00"/>

    <input type="hidden" name="no_shipping" value="2"/>

    <input type="hidden" name="no_note" value="1"/>

    <input type="hidden" name="currency_code" value="USD"/>

    <input type="hidden" name="bn" value="IC_Sample"/>

    <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif"

    name="submit" alt="Make payments with payPal - it's fast, free and secure!"/>

    <img alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"/>

    </form>

    Sunday, September 9, 2007 11:41 PM
  • User-1329334484 posted

    Any idea how I can fix this error and what is causing it. All I did is to add this ASPx markup:

     

    <form id="form1">

    <!-- IMPORTANT: leave the above form as is. All ASP.Net Pages must have it-->

    <input name="cmd" type="hidden" value="_xclick" />

    <input name="business" type="hidden" value='<%# (Eval("Email","")) %>' />

    <input name="item_name" type="hidden" value='<%# Eval("Description") %>' />

    <input name="item_number" type="hidden" value='<%# Eval("Id") %>' />

    <input name="amount" type="hidden" value='<%# (Eval("Price", "{0:n2}")) %>' />

    <%-- <input name="amount" type="hidden" value='0.25' />--%>

    <input name="no_shipping" type="hidden" value="0" />

    <!-- and so on, just build your form to completion -->

    <asp:imagebutton id="Button1" runat="server" postbackurl="https://www.paypal.com/cgi-bin/webscr" text="Make payments with PayPal - it's fast, free and secure!" ImageUrl="https://www.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif" />

    <!-- the above is all you need to do. Just use a Button Control, and set it's postbackurl property to paypal. Notice that this is where the POST URL is set instead of the FORM element-->

    </form>

    Seems those changes to page directive are helping to avoid the error, but the problem is it is not validating and encrypting the page data...

    <%@ Page Language="C#" MasterPageFile="~/MasterPage_new.master" CodeFile="ShowAd.aspx.cs"

    Inherits="ShowAd_aspx" validateRequest="false" enableEventValidation="false" viewStateEncryptionMode="Never" %>

     


    Tuesday, September 11, 2007 2:29 PM
  • User-890019549 posted

    I apologize if this solution was brought up already as I didn't read the entire thread.  But a light bulb went off while reading throught it and I found the solution for my setup.  The ApplicationPool that my app was running under was set with a low memory threshold and was recylcing itself after a few pages.  So this caused my whole session and "server side viewstate" to be wiped out so ofcourse the validation didn't match up.

    You should see the Process recycle messages in the windows System Event log.

    Hope this helps someone out there.

    Wednesday, September 12, 2007 9:39 PM
  • User575826167 posted

     hi

     

    i think  i hv solution



    add EnableViewStateMac  property to page tag

    or u  can add it in pages tag in web.config

     
     

    Tuesday, September 18, 2007 4:05 AM
  • User575826167 posted

     add EnableViewStateMac property in page tag

    or pages tag in web.config

    it works 

    Tuesday, September 18, 2007 4:06 AM
  • User1685769222 posted

    Hi

    I don´t know if this solution has been posted yet, but it solved the problem for me right away!

    In your web.config add a static machineKey like this.. under the system.web section

    <system.web>
              <machineKey validationKey="329521584AA24B9A22212D7C9C87D4AF1F1C3D55794E511F811B282A943A8E7C3C9183D8331F9BADA528ECF98FB93A4D8FEEF9D262745C2EDB73354381B7B40D"
    decryptionKey="8BD2531EFA3CA83E4D7CAA3C2F99EE4E8D8C075B83650351" validation="SHA1" />

    The default setting for machine key is Auto generate, which stated in the error message might not work.

    I used an Online tool to generate the static machineKey information, found at http://aspnetresources.com/tools/keycreator.aspx

    Thursday, September 20, 2007 4:11 AM
  • User294545519 posted

    I'm still having problems with this.

    I am using server.transfer to transfer to another page depending on a querystring value. When i transfer from page 'a' to page 'b', page 'b' produces this error when a button is clicked, or a page link on the gridview paging is clicked.

     If I view page 'b' without transferring from page 'a' then it all works fine.

    I have tried adding this to my web.config which seems to of fixed most people's problems:

    <pages enableViewStateMac="false" viewStateEncryptionMode="Never" enableEventValidation="false" >

    However by adding this it stops everything from working! When a button is pressed the related sub-routine doesn't seem to run, and none of the page links of the grid view work either.

    If anyone has any solution to this it would be greatly appreciated!

    Thanks,

    Curt.
     

    Wednesday, September 26, 2007 7:35 AM
  • User-1671087770 posted

     Just to let you guys know that I had this problem too, with a gridview that will diaplay a large amount of data - and there's no chance my user's won't click click click away before the page has finished loading!

    <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    worked great, thanks so much to the guys near the start of the thread for finding this out :) 

    Thursday, September 27, 2007 5:15 AM
  • User-2050227869 posted

    Hey Guys, here's another twist for you:

     I am getting the "The state information is invalid for this page and might be corrupted." error when running my web app from IIS on my machine. Using the WebDev server works fine, and when the app is deployed to production servers it works fine there too. So, THE FIX HAS TO BE IN IIS, NOT IN MY CODE.

     Can someone advise me on how my IIS got hosed and what to do to fix it? Thanks!

    Friday, September 28, 2007 5:21 PM
  • User-2050227869 posted

    Hey Guys, here's another twist for you:

     I am getting the "The state information is invalid for this page and might be corrupted." error when running my web app from IIS on my machine. Using the WebDev server works fine, and when the app is deployed to production servers it works fine there too. So, THE FIX HAS TO BE IN IIS, NOT IN MY CODE.

     Can someone advise me on how my IIS got hosed and what to do to fix it? Thanks!

     Anyone have any clues? I am at the point of reformatting my machine and re-installing everything to fix this.

    Tuesday, October 2, 2007 3:03 PM
  • User-1114626875 posted

    Oh dear.  I'm having exactly the same problem.  We've been running just fine with no code changes, using ASP.net 2.0, with a gridview with datakeynames set up.  In web.config I had:

    <pages validateRequest="false" enableViewStateMac="true" enableEventValidation="false">

    which I changed to

    <pages validateRequest="false" enableViewStateMac="false" enableEventValidation="false">

    and all it did was to change my error message in the same way as described previously.

    All that changed was a Windows Update last week... !

    Anyone else having that problem recently?

    Thanks,

    Carol.

    Monday, October 15, 2007 5:00 PM
  • User1588645255 posted
    Just a quick question for those that continue to have problems with this, even after trying the fixes listed through this thread.... are any of you specifying a base?

    <base href="http://www.website.com/" />

     I ask because I tried every fix listed in this site and was still getting the error.  Then I started rebuilding my master page piece by piece and realized that if I left this line out... poof!  It worked.

    Tuesday, October 16, 2007 1:44 PM
  • User25600206 posted

    I found that my instance of this problem was caused by a cached page, and my users using the back button. The state information would be out of date. I found the post at http://forums.asp.net/p/1039525/1444446.aspx and added the following to the Page_Load on my master page. So far its working (/crossing fingers [:)])

     

            Response.AppendHeader("Cache-Control", "no-cache; private; no-store; must-revalidate; max-stale=0; post-check=0; pre-check=0; max-age=0"); // HTTP 1.1
    Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.1
    Response.AppendHeader("Keep-Alive", "timeout=3, max=993"); // HTTP 1.1
    Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT"); // HTTP 1.1
     
     
    Thursday, October 18, 2007 3:37 PM
  • User-1114626875 posted

    Thanks!  It's resolved.  Although I had the enableEventValidation=false, I also needed to add viewStateEncryptionMode ="Never"

    Carol.

    Thursday, October 18, 2007 3:47 PM
  • User2094635031 posted

    Just in case this wasn't covered by the previous fixes, you can also get this error if you happen to have multiple form tags in your page.  In the case that I just solved, the developer was attempting to use a master page which, by default, includes a form tag.  While he was using that master page, in his content pages he also had a form tag directly around his form elements.  The form tags were conflicting with each other and throwing that error.  When the form tag in the master page was removed all was happy again.

     

    On a side note, he also found out that he needed to include the runat="server" in his content form tags in order for his server controls to show up.  This is a fairly simple thing to overlook, especially when converting .asp pages over to the .NET world.  I hope no one else has to spin their wheels for very long looking for such a simple answer as was the case in this scenario.

     Thanks.

     Sean

    Thursday, October 25, 2007 9:42 PM
  • User-489975089 posted

     

    Hi

    http://aspnetresources.com/tools/keycreator.aspx I used the tool and the error has been fixed. However, I got some strange behaiviour from the application. It sounds the SESSION getting empty or restart! I am checking the Username and Password in the session on each page load in my CMS application. Whenever the sessions be null, the current page will redirecting to Login page. Now it happeing frequently and also I am getting:

     Object reference not set to an instance of an object.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

     

    Any Idea would be appreciated.

    Moez

    Saturday, October 27, 2007 5:42 PM
  • User1604041079 posted

    I must say that this error message is extremely frustrating.  I thought I'd share with you my experiences and let you know a potential work-around (for a select few of you out there).

    The issue involves Url Mapping.  The validation mechanism associated with the postback is tied to the url of the page.  If the url differs on the client-side, this error will display.  Therefore, until a quality solution is found, I suggest that any of you experiencing this error on a page mapping or rewriting urls disable the mechanism for the time being.

    This is just my short-lived experience with the issue.  I know that many of you are seeing this error under entirely different circumstances.


    Best of luck,

    pk

    Thursday, November 15, 2007 11:51 AM
  • User-1329334484 posted

    Did you try to disable page validation? It worked for me.

    Thursday, November 15, 2007 6:13 PM
  • User-489975089 posted

     

    Thanks for reply;

    The Machine Key in Webconfig has solved the proble. The session issues we related to limitation on CPU usage on server that server admin has solved by removing the limitation.

    I highly recommend anyone has this proble to try put the MachineKey on Web.config

    Cheers

    Moez

    Thursday, November 15, 2007 6:37 PM
  • User-1329334484 posted

    Please explain what is this machine key and how it works. How to generate the machine key? What are the advantages of using it (besides fixing this problem)?

    If this is indeed fix for the problem mentioned here, somebody should put it on top in ASP.NET. This is very important.

    Thursday, November 15, 2007 8:28 PM
  • User911902078 posted

    Hello,

    I had the same problem. Basically i had a form which contain a placeholder and autogenerated hiddenfields in it by run-time.Anyway, one way to solve this was by web.config but i dont like web.config however the other way was to:-

    1. Remove my button and insert the command which is <body onload="submitform();">

    2. then in the head section i wrote this

        <script language="javascript" type="text/javascript">
            function submitform()
            {
                document.getElementById("frmPaypal").method="post";
                document.getElementById("frmPaypal").action="https://www.paypal.com/cgi-bin/webscr";
                document.getElementById("frmPaypal").submit();
            }
        </script>

    which automatically redirects the user to paypals website when the page loads.......

    This was one method to get rid of the error: -

    Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

     

    Hope it helps

    thanks

    amjad

    Wednesday, November 21, 2007 2:17 PM
  • User543848960 posted

    Problem: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

     

    I was using a Repeater with Ajax Button.  The problem was we had URL Rewriting and were using an Actionless Form.  Instead of removing the action attribute, we added

    writer.WriteAttribute("action", HttpContext.Current.Request.RawUrl);

     which seems to be fixing the problem.
     

     Had the exact same problem, thanks alot for the fix! Works like a charm now :D

    Wednesday, November 21, 2007 6:22 PM
  • User1668703586 posted

    In the situation where the validation of viewstate is failing because the postback is occurring before the page has finished rendering, mattgi's solution above nearly works but not quite: unfortunately setting disabled="true" on the form element makes all the controls grey and visibly disabled, but they still work if clicked!  That's on IE7 at least -- a bug, I'd have thought.  I got around this by using the CSS display attribute instead, as follows:

    1. Modify the form tag as follows, only the style bit at the end should be new:    

    <form id="form1" runat="server" style="display:none">

    2. Add this script underneath </form> near the bottom of the HTML, ensuring that the string passed to getElementById matches with the id in the form tag above:

         <script type="text/javascript">
        //<![CDATA[
            function enableForm() {
               document.getElementById("form1").style.display = '';
            }
            window.onLoad = enableForm();
        //]]>
        </script>

    The result is a blank window until rendering is complete.

    Hope that helps.

    Monday, December 3, 2007 3:26 AM
  • User1859793520 posted

    I'm suffering from this issue, and none of the posted solutions have worked for me. Two observations though:

    1) I get the error when using a timer to automatically trigger an updatepanel (saving an xsd/xslt-generated form). If I disable partialpagerendering in the scriptmanager, the problem goes away (but why would you want to do that?).

    2) This only affects me in Safari Beta 3 (possibly earlier betas too) for Windows, and works fine in IE and Firefox. If anyone can confirm that the issue does not exist on Mac Safari, please let me know. I can live with the error if it's only alienating Windows Safari users, but if it locks out practically all Mac users, I'm stuck.

    Thursday, December 6, 2007 2:18 PM
  • User-133633902 posted
    i solved the problem by debugging! you can try tat too, hopefully it helps (:
    Friday, December 7, 2007 4:27 AM
  • User1103557543 posted

     I have a completely different cause and solution for this problem.

     I was getting it with the LoginStatus.  The problem was that it adds a query string value for the post back page and I was already having a query string value caused by url rewrite.

    So, the solution was to make sure that the LogoutPageUrl was not directing to a page that has a url rewrite.

     

    Hope that helps someone.  It was giving me problems for the longest time. 

    Wednesday, December 12, 2007 9:52 PM
  • User1750964609 posted

    Hi Guys,
                       I am also geting this error. In my case i there the a gridview which also having paging. While click on the any page >3 i am getting this error. I am not sure why. Can anybody please let me know the solutuion of this problem.

    Big Thanks in advance

    Mahesh
    www.thinkinterview.com

     

    Thursday, December 13, 2007 10:52 AM
  • User2105182748 posted

    I submit the following research in the hope that someone will be able to find a solution to this common error "Validation of viewstate MAC failed." On our site, we got 114 of these errors in the last 2 weeks.

    EventValidation is turned OFF site wide for us in web.config

    <pages enableEventValidation="false">

     (that means that there is no "__EVENTVALIDATION" hidden field on our aspx pages so the explanation offered on 1/31/2006 http://forums.asp.net/p/955145/1173230.aspx does not apply).

    Found 114 of these errors in last 2 weeks in our error logs:<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p> 
    • ~65% (75 of 114)  AppleMAC-Safari 5
    • ~10% (12 of 114) Unknown (cellphone browsers Samsung, LG-LX550 etc)<o:p></o:p>
    • ~8% (10 of 114) Pocket IE 4 0.01
    • ~6% (7 of 114) WinCE 6
    • ~4% 5 of 114 MSIE 4 0.01
    • ~1% (2 of 114) IE 6<o:p></o:p> 0
    •  ~1% (1 of 114) IE 5 0.01

     Lastly, this occurs BOTH on aspx page that have  EnableViewState="false" and on pages where viewstate is on. Let's not forget that you can never turn it off completely: there will always be a hidden field. We have not messed with the EnableViewStateMac page setting at all, so it is set at it's current default: true.

    Clearly, something seems to point a finger a Safari 5 and mobile browsers of various flavors, and slow downloads may have something to do with it.

     Anyone care to chime in?

     A :)

    Wednesday, December 19, 2007 2:43 PM
  • User1186220374 posted

     Hi,

     I have the exact problem and it is related to URL Rewriting, did you find a solution for this?

     Kind regards,

    Adam Tibi
     

    Friday, December 28, 2007 12:57 PM
  • User2105182748 posted

    We recently added Url rewriting functionality to our site too, so this is a great lead! Thanks! How do you know it was related?

    We have no solution or new info yet, but I will post more if/when we find out more.

    Friday, December 28, 2007 1:59 PM
  • User418302322 posted

    Why not modify the render-method to put the __EVENTVALIDATION formfield first?

    I'm using a modified render-method to put the viewstate last (for SEO purpose), so why not also move this one? 

    Thursday, January 24, 2008 6:34 AM
  • User-190206740 posted

    Hi.

    I hava an ASP.NET page with 3 ajax TabPages, inside the second I have an Ajax CascadeDropDownList, and in the third two ajax CalendarExtenders. As you could notice I have a lot of asp.net Ajax stuff on this page.

    Trying to redirect to another page through "form.action= "myRedirectedPage.aspx"; form.submit();" , throwed the error depicted above.

    I tried all the solutions posted in the forums :

    - EnableViewStateMac = false; ViewStateEncryptionMode="Never"

    - Reduce the amount of controls with EnableViewState = true

    - Follow the advice of the error and trying to add the needed keys in the web.config (<machinekey>).

    But nothing worked until I wrote the followilng code to redirect the page to the desired one:

    <script>

         window.location.replace("myRedirectedPage.aspx");

    </script>

    I am not sure how much security issues have this method, but I will use it by now. Any advice is welcomed.

     

    Best Regards

    Pablo Alejandro Pérez Acosta

    From Bogotá, Colombia.

     

    Thursday, January 24, 2008 5:10 PM
  • User-1235570765 posted

    Today I run into this problem after enable gridview edit and DataKeyNames

     I haven't solve the problem in IE yet. but no problem at all under FireFox :(

     

    Thursday, January 24, 2008 11:29 PM
  • User337313793 posted

    Well, for what I understand, you should uninstall the current version of the .net framework you have in your computer (1.1, 2.0) and re-install it again. I had a similar problem (not the same, but I was getting several errors that, indeed, were just because of a version conflict), I guy told me to do what I'm telling you and all of the sudden the errors were gone. Now, I'm not 100% sure if this is the problem, but it could be a solution. Try it.

    Friday, January 25, 2008 8:18 PM
  • User-1069616818 posted

    Hello

    i had the same error on my page. I had a GridView inside an updatepanel and an ObjectDataSource with custom paging.The DataSet was quite large (over 500.000 records).

    This solved the error:

    In Web.Config file i made this change: 

            <pages>
                <controls>
                    <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
                    <add namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" tagPrefix="ajaxToolkit"/>
                </controls>
            </pages>

     
    to
     

            <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never">
                <controls>
                    <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
                    <add namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" tagPrefix="ajaxToolkit"/>
                </controls>
            </pages>
     

    I hope i helped 

    Friday, February 8, 2008 4:46 AM
  • User1179792349 posted

    I have a specific control that causing the error. It is a Custom Adrotator. The control works when the Ad is a .jpg/.gif but when it is a Flash Ad(.swf), i intermittantly get this error. I have viewstate=false for the control. I cannot duplicate the error. It is in a master page and uses https. If a swf file, it embeds an <object> (see below). Site is not in a web farm, Thanks.

    Dim StringFormat As StringBuilder = New StringBuilder("<object classid=""clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"" ")
    StringFormat.Append(
    "width={0} height={1}>")
    StringFormat.Append(
    " <param name=""movie"" value={2}>")
    StringFormat.Append(
    " <param name=""quality"" value=""high"">")
    StringFormat.Append(
    " <param name=""loop"" value=""true"">")
    StringFormat.Append(
    "<!--[if !IE]>-->")
    StringFormat.Append(
    "<object type=""application/x-shockwave-flash"" data={2} width={0} height={1}>")
    StringFormat.Append(
    "<!--<![endif]-->")
    StringFormat.Append(
    "<h2>Thanks for visiting</h2>")
    StringFormat.Append(
    "<!--[if !IE]>-->")
    StringFormat.Append(
    "</object>")
    StringFormat.Append(
    "<!--<![endif]-->")
    StringFormat.Append(
    "</object>")
    Dim OutPutString As StringBuilder = New StringBuilder()
    OutPutString.AppendFormat(StringFormat.ToString, 468, 60,
    Me.strImgUrl, Me.strNavUrl)
    writer.Write(OutPutString.ToString)

    Some info from error:

    Message(inner): Invalid viewstate. 
          Client IP: 123.123.123.123
          Port: 49544
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
                    ViewState: 2f1dsnJBQ9nygiTF7d2V3b8Ywg1Yu9GHKj/jeoYPz67FwpFm7lsfIT03I+sDtrdB3Ut7kyDop1FA7i7FpxUAUgj0hiOKkXVprOlTYsOCqzovZWlfaTTLbh8fu....

    Message: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster

    Tuesday, February 12, 2008 2:46 PM
  • User-587930081 posted

     

    Hi Thank you for your correct information.

    It's solved my problem.

     

     

     

    Monday, February 18, 2008 6:32 AM
  • User1181762219 posted

    Hi,

    What are the exact security issues with changing settings in web.config to below? Are they serious? 

    <pages enableViewStateMac="false" viewStateEncryptionMode="Never">

     

    Monday, February 25, 2008 9:34 PM
  • User1041601714 posted

    I am sending email error details to my mailbox. I could see every error on my page. So this error was happening rarely. I couldn't understand this for months long. I tried many things. I have never tried to set viewstate encription to never. This is the solition but naked viewstate is not good. The problem is caused from browser caching. Browser caches the page and then never load newer one. When your server restarted or program restarted. This happens too much because you upload 3-5 five program file and then program compiles from the beginning. This causes program to restart. Every restart changes the encription key for viewstate. Some visitors which came yesterday, they see the error page on their screen. Especially developers...  Solition is to set encription to never OR you must put a machine key tag on web.config file OR you could force browsers not to cache pages. You will see a validation key and decription key below. This is a generated key for my web site. When program starts, it uses the same validation key every time. Some free tools are available. You can generate another validation key. When you put this in <system.web> in web.config, I think your problem will be solved.

    <machineKey
    validationKey="3ADC71AB988C34ED0E834AF43C11B42DA6F4FDCA3B8E558CF585851DC3A39D44FB0F2DE01C715F1B0FBEC309C6D5299084E4C0BAB593005628959CE8C688A122"
    decryptionKey="AA6DC22BF2281909AC6DF69746FD951EDF057F56F3A13B8CF50CD45665A81E62"
    validation="SHA1" decryption="AES"

    http://www.orcsweb.com/articles/aspnetmachinekey.aspx  <--- You can generate your own validation key from this address.

    You could never know customers errors unless you save error details or sending e-mail. You can trace errors by global error handler.

        Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
            if context.Request.IsLocal=True then exit Sub 'By this way you could see error in yellow page.
            Dim ex As Exception = Server.GetLastError()
            EmailException(ex)
        End Sub

        Private Sub EmailException(ByVal ex As Exception)
            'Some code to send mail about error exception
        End Sub 

    Thursday, February 28, 2008 9:57 PM
  • User-1986218710 posted

    This is a best solution to solve the problem.

    Tuesday, March 11, 2008 7:34 AM
  • User-1126925207 posted

     I've tried putting a pre-generated key into webconfig but this didn't work. Is there somewhere that i also need to tell asp.net not to auto generate a key?

     I've also tried the option of turning off:

    <pages enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false"/>

    Or:

    <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />

    These approaches remove the MAC error but introduce another problem;-

    {A short bit of background. I have a search page with a gridview that display records based on a date. I have a calendar control in a master page. When i click a date, the search page is called with this date. The calendar can be repeatedly clicked before the search page has finished loading} 

    Presumably because the lack of checking, my page can load again and think it's in a state of post back. I initialise the search form fields based on the querystring but, obviously, only if it's not a postback. 

    My code falls over because of unitialised fields/ Variables.

    I don't know which is worse!!!

    ETA: Are the people who used the machine key solution absolutely sure it solved the problem? When I did it, it appeared to work but I repeatedly click on my calendar control and the search page fell over eventually. 

    Thursday, March 13, 2008 7:29 AM
  • User1041601714 posted

     I think you you should keep pre-generated key on web.config. If you tried this for a day. This is not long time. Because explorer caches pages more than one day. This will decrease the errors day by day. Then 3 or 4 days errors should stop. I see there are no setting more than these. I think with pregenerated keys in web.config will stop the callender error. Because pre-generated key is a natural method on asp.net. But viewStateEncryptionMode="Never" may cause some errors.

    Thursday, March 13, 2008 7:48 AM
  • User-1126925207 posted

     I think you you should keep pre-generated key on web.config. If you tried this for a day. This is not long time. Because explorer caches pages more than one day. This will decrease the errors day by day. Then 3 or 4 days errors should stop. I see there are no setting more than these. I think with pregenerated keys in web.config will stop the callender error. Because pre-generated key is a natural method on asp.net. But viewStateEncryptionMode="Never" may cause some errors.

     

     

    Oh, I see. My site is actually just in a test at the moment & i'm the only user. From what I understand you say, I should put the key back into web.config and then clear my browser caches. Cheers.

     

    Thursday, March 13, 2008 8:18 AM
  • User-1126925207 posted

     I tried putting the key back into web.config, clearing the browser cache, restarting the browser and restarting visual studio but I still get the MAC error.

    Thursday, March 13, 2008 8:47 AM
  • User207665977 posted

    Why not remove the DataKeyName property, set EnableViewState="false" and then when a PostBack is done, cast the datasource for the gridview and use the event handler parameter to get what specific row triggered the Postback event.

    Eg. Using the OnRowEditing property of a GridView called MyGridView, that was populated using an IList object.

    MyObject obj = (MyObject)((IList)grdMyGridView.DataSource)[e.NewEditIndex];

    That line will cast the gridview's datasource, get the specific row that triggered the Postback using the NewEditIndex property for the event handler and set the values to an object of type MyObject for use by the application.

    Hope this helps in some way. 

    Friday, March 14, 2008 12:48 PM
  • User2073428725 posted

    Hello Every One,

    I am getting the same error. I am using .NET 1.1 and application is too large.

    I don't want to change any code related to grid, tree view etc ...

    Is there any solution to make it correct. Please help me out with this problem.

    Wednesday, March 26, 2008 6:44 AM
  • User-1329334484 posted

     

    Based on the number pf posts here, it seems like this is some major issue in .NET... Maybe somebody could write some guide on this topic and lock this thread as this is a MAJOR issue.
    Wednesday, March 26, 2008 8:59 AM
  • User1805008792 posted

    There is a good post on this issue - http://blogs.msdn.com/tom/archive/2008/03/14/validation-of-viewstate-mac-failed-error.aspx

     But I am not sure whether it contains all the workarounds provided in this thread or not.

    Thursday, March 27, 2008 12:23 AM
  • User-1329334484 posted

    This is really great! Can somebody lock his answer and put on top of this thread, so people do not have to search through tons of irrelevant things...

    Thursday, March 27, 2008 8:34 PM
  • User1359951218 posted

    Nested forms or more than one form tag on an aspx page will cause this error to occurr everytime. Missing end tags that cause a page not to render properly (thereby causeing any of the viewstate related tags not to render) will aso cause this error.

     

    Andy

    Monday, March 31, 2008 3:05 PM
  • User57813568 posted

    Hi,

    Does anyone have a solution for this yet? 

     

    Thanks,

    Jon 

    Thursday, April 24, 2008 5:10 AM
  • User-1986218710 posted

    I have faced this error long time ago for a lot of days. But then i got the solution from this forum through this:

    <machineKey validationKey='Your Server validation Key' decryptionKey='Your Server decryption Key' validation='SHA1'/> 

     Write this line of code in webconfig file.

    Friday, April 25, 2008 3:50 AM
  • User788228153 posted
    Suggested causes:
    When the control is made visible/invisible during the postback the viewstate validation fails.
    Nested form tags cause the viewstate validation to fail.
    Case Sensitive file names: Pls read, http://support.microsoft.com/kb/323744 this one seems to be the most logical one.

    "CAUSE The case-sensitive value that the TemplateSourceDirectory property of a page returns is used to create and to validate the ViewState property for that page. The value of this property for a page depends on the case-sensitive URL that the first user for that page requested. This value is reused for the remaining requests for that page until that page is recompiled. When the page is recompiled, the TemplateSourceDirectory property is re-initialized. If the new value (which is case-sensitive) differs from the previous value, the ViewState validation from the existing clients fails."

    Regards, Nitin
    Sunday, April 27, 2008 12:44 AM
  • User1891074810 posted

    I find if your page contain iframe,It alse occur this error,eg


    <% Page %>

    <form>

    <iframe src="a.aspx">
    <button  onclick="doPost()"/>

    </form>

    so,do not use iframe,you can you script

    Monday, April 28, 2008 10:40 PM
  • User788228153 posted

     One of the causes of this error was session time out so i tried this


        Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
            T2.Text = ""
        End Sub

    <asp:Timer ID="Timer1" OnTick="Timer1_Tick" runat="server" Interval="300000">
                </asp:Timer>
    <asp:UpdatePanel ID="T1" runat="server">
    <Triggers>
    <asp:AsyncPostBackTrigger ControlID="Timer1" EventName="Tick" />
    </Triggers>
    <ContentTemplate>
    <asp:Label ID="T2" runat="server"></asp:Label>
    </ContentTemplate>
    </asp:UpdatePanel>

     

    this makes an async post back to the server every 5 minutes and thus the session does not expire, it seems to have reduced the error by 90%

    let's see [Yes] 

    Monday, April 28, 2008 10:52 PM
  • User-578560092 posted

    Hi Crystal,

    I felt good reading that your problem is resolved. But if we went to the root of this problem, it is obviously not related with datakeyname properties of data controls. I was also stucked around this problem. And after a lot of search I found the proper resolution. That is, to add the following snippet of code in your web.config file.

    And this is globally accepted solution.

    <machineKey validationKey="A2609F5E06639C67EF1ED46FE76F5DC3A0C578C0C7A5421BB5864E78E7456AD67E5A3CC20C65EE5094C75991EF4E46F6CA4E9D59B33BC1E0A1B70A3F38A5341B"

    decryptionKey="C4559B55812BC05AFA0C04DD19FEB0F2F15BBFF169622751" validation="SHA1" />

    Hope this helps to all those guys who had the problem regarding Machine_Key error.

    Wednesday, April 30, 2008 5:30 AM
  • User57813568 posted

    <machineKey validationKey="A2609F5E06639C67EF1ED46FE76F5DC3A0C578C0C7A5421BB5864E78E7456AD67E5A3CC20C65EE5094C75991EF4E46F6CA4E9D59B33BC1E0A1B70A3F38A5341B"

    decryptionKey="C4559B55812BC05AFA0C04DD19FEB0F2F15BBFF169622751" validation="SHA1" />

    Hope this helps to all those guys who had the problem regarding Machine_Key error.

     

     

    Hi,

    How/why would this work?

    I also got the error: 'Unrecognized configuration section machineKey.'  when using this method?

     

    Thanks 

    Thursday, May 1, 2008 3:36 AM
  • User-578560092 posted

    <machineKey validationKey="A2609F5E06639C67EF1ED46FE76F5DC3A0C578C0C7A5421BB5864E78E7456AD67E5A3CC20C65EE5094C75991EF4E46F6CA4E9D59B33BC1E0A1B70A3F38A5341B"

    decryptionKey="C4559B55812BC05AFA0C04DD19FEB0F2F15BBFF169622751" validation="SHA1" />

    Hope this helps to all those guys who had the problem regarding Machine_Key error.

     

     

    Hi,

    How/why would this work?

    I also got the error: 'Unrecognized configuration section machineKey.'  when using this method?

     

    Thanks 

     

    Hi jbear123,

    You must be adding following code in wrong section in web.config.

    Add this line within system.web section in your web.config file.

    Friday, May 2, 2008 12:49 AM
  • User57813568 posted

    Hi,

     

    Can you tell me how/why this solves the error? What does it do to the application?

     

    Thanks

    Jon 

    Friday, May 2, 2008 4:52 AM
  • User1668703586 posted

    If you have your application running on a web farm, you need this setting to stop the error coming up when postbacks go to different webservers.  But that is only one of at least 10 very different causes of this same error and that's why this thread has been viewed 2.5 million times.  Microsoft ought to do something to recognise the different causes in their code and display different error messages accordingly.

    Friday, May 2, 2008 5:03 AM
  • User-782944879 posted

    Eilon..... it has nothing to do with what you'r saying

     

    I'm having the same problem hosted to a particular server and the error pops up much after the page has been rendered successfully. 

    Wednesday, May 21, 2008 8:35 AM
  • User788228153 posted

    yeah mate, the cause seems to be that the session expires after some time, therefore the viewstate also expires and validation fails. there are two solutions which i have tried and seem to work[:)]

    1. use ajax and timer control to make a call after every five minutes or so(i've posted the code in an earlier post) so that the session doesn't expire.

    2. make sure all the headers specify that your page should not be cached at any level.

     

        Response.ClearHeaders()
            Response.AppendHeader("Cache-Control", "no-cache") ' //HTTP 1.1
            Response.AppendHeader("Cache-Control", "private") ' // HTTP 1.1
            Response.AppendHeader("Cache-Control", "no-store") ' // HTTP 1.1
            Response.AppendHeader("Cache-Control", "must-revalidate") ' // HTTP 1.1
            Response.AppendHeader("Cache-Control", "max-stale=0") ' // HTTP 1.1 
            Response.AppendHeader("Cache-Control", "post-check=0") ' // HTTP 1.1 
            Response.AppendHeader("Cache-Control", "pre-check=0") ' // HTTP 1.1 
            Response.AppendHeader("Pragma", "no-cache") ' // HTTP 1.1 
            Response.AppendHeader("Keep-Alive", "timeout=3, max=993") ' // HTTP 1.1 
            Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT") ' // HTTP 1.1 

      hope it helps.

    regards,

    nitin 

    Wednesday, May 21, 2008 12:02 PM
  • User901416901 posted

    Hello,

    I was having this problem and decided to reboot my server to see if that helped (problems started when I changed security to allow clients to access .aspx pages).  Closing out my IIS Manager I got a message that said to close all dialog boxes...and there is was...I had gone into the ApplicationPools (in my case DefaultAppPool) to change my Predefined setting from "Network Service" to "Local System".  As soon as I changed it back, the exception went away....so try going to IIS Manager, expand "local computer", expand "Application Pools", right click on "DefaultAppPool" (or whichever one you may have not set to "Network Service" in Identity), select "Properties", click on the "Identity" tab, select "Predefined" and make sure the drop down is set to "Network Service"

     I really hope this works for you...by the way, sometimes, when I mess with these settings, I get "Not Found" accessing things from remote client.  I think this was happening because I have two different web servers running on my test server, but a reboot of the server fixes it.

     Good Luck

    Friday, June 13, 2008 7:14 AM
  • User1827421893 posted

     

    Hi all even i am geting this problem. I am using gridview nested withn formview.

    i am using datakeyname property.

    this error occur when i load page.( but not every time)

    and this erro occur only in firefox and not in explorer.

     

    how do i get across this can anyone help or point me to a solutin which others has tried.

    and yes it does not happen in my local machine it happens when app is on shared hosting.

     

    Friday, June 27, 2008 1:30 PM
  • User-2116809643 posted

    I have had this problem in a shared hosting environment.

    After testing, I discovered that I could experience this problem with even the most basic of web pages, consisting of only a couple of ASP.Net labels and an ASP.Net button.

    Working within a Session, the pages and site function fine.

    The problem occurs after a period of the site being idle, without activity.

    The problem I have been having was not related to quick-clicking of the mouse.

    This is when, upon a postback, the problem occurs.

    My initial thought was that it was connected with the Session timing-out.  However, further tests showed that this problem did NOT always occur after a period of inactivity longer than the Session timeout.  This did not make sense, as it should replicate each time if this is the problem.

    I then discovered that the IIS Application Pool was recycling also after a period of inactivity.  This led me to wonder about the MachineKey in the machine.config file on the server.

    I have been assured by the hosting company that they are not using a web farm or cluster.

    So my first question is, if the IIS Application Pool is recycled, would a new MachineKey for validation/decryption be generated?

    My second question is, how often should and IIS Application Pool recycle on inactivity?

    I believe the default is 5 minutes?

    However, a few people have told me that this is not a good idea, especially if the Session timeout is defaulted at 20 minutes.

    Surely, the IIS recycle idle timeout should be >= the Session idle timeout?

    Can anyone tell me if this is a problem only experienced with Ajax-enabled websites?

    I noted this thread, and am probably going to test with a manual MachineKey in the web.config.

    Can anyone tell me if this is an acceptable solution, and/or if there are any risks?

    Lastly, please see this markup: 

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head><title>
    	Untitled Page
    </title></head>
    <body>
        <form name="aspnetForm" method="post" action="GenKey.aspx" id="aspnetForm">
    <div>
    <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTIyNzk5MzE0Mg9kFgJmD2QWAgIDD2QWAgIBD2QWBAIBDw8WAh4EVGV4dAWAAUE4MDg3NUQ0NUVCOTNEQUEzMUU5OEMzQUNBMDMyNEM0NzI2NzNEMEY5RDdGNTNCRkQxQkFEOTA1RUYxRjQyNTVFRDBERDVEN0VEQjQxODNDNEYwNjk1MkMxNTYwNzMwQ0YyM0FENzJFMkM2Q0I2OTE4QUM2NDY3RUZGMzMwQkY1ZGQCBQ8PFgIfAAVANjk2NTc5RDk5MjU1QkQzNTUxQzcxMUI5MjRGRUY2QzQ5OEY5RUUwNTZCNTQxN0Q1MUM1NjhCRUUwNzIwNEU2NmRkZK4c9eoRzrWCRMex0oFKRHSn8It0" />
    </div>
    
        <div>
            
        Validation Key (SHA1, 64 bytes - 128 hexadecimal characters):<br />
        <textarea name="ctl00$ContentPlaceHolder1$validationKeyTextBox" rows="2" cols="20" id="ctl00_ContentPlaceHolder1_validationKeyTextBox" style="height:64px;width:592px;">A80875D45EB93DAA31E98C3ACA0324C472673D0F9D7F53BFD1BAD905EF1F4255ED0DD5D7EDB4183C4F06952C1560730CF23AD72E2C6CB6918AC6467EFF330BF5</textarea> 
        <br />
        <input type="submit" name="ctl00$ContentPlaceHolder1$genKeyButton" value="Generate" id="ctl00_ContentPlaceHolder1_genKeyButton" /><br />
        <br />
        Decryption Key :<br />
        <textarea name="ctl00$ContentPlaceHolder1$decryptionTextBox" rows="2" cols="20" id="ctl00_ContentPlaceHolder1_decryptionTextBox" style="height:64px;width:592px;">696579D99255BD3551C711B924FEF6C498F9EE056B5417D51C568BEE07204E66</textarea><br />
        <input type="submit" name="ctl00$ContentPlaceHolder1$decryptButton" value="Generate" id="ctl00_ContentPlaceHolder1_decryptButton" />
    
        </div>
        
    <div>
    
    	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQK76qXuDAL4v+vCAwK35aLpBQLEkYMtAv2nzrMPpL6kdbdU58mIZVgpcXkMCUg2Uqc=" />
    </div></form>
    </body>
    </html>
    

     

    I noted that the "__EVENTVALIDATION" appears at the bottom of the form.  Is this not likely to cause problems?  Would there be implications for partial page postbacks using Ajax-enabled sites?

    Many thanks,
    Darren

     

     

    Saturday, June 28, 2008 7:24 AM
  • User1827421893 posted

     some changes in my test.

     

    i had earlier thought that this is because i have been using nested database presentation control.

     

    but i got this MAC error even in a simple form page.

    and then i have added EnableViewStateMac="false"  in page tag

    EnableViewStateMac="false"  does solved my MAC error but then i am getting another error.

    The state information is invalid for this page and might be corrupted. 

    now after reading everything.

    i guess clicking before the page loads properly then their are chances of getting this error and not everytime and not yet in IE.

     

    so why only in firefox???

    i have been using my site rapidly for quite some time that is clicking links before page loads.

    and yes my session time is 20 minutes and this job didn't took even 2 minutes 

    and in nearly 40-45 clicks i got errors  approx 5 times

     

    all clicks were rapid click and not allowed page to load completely.

     

     in pages where i have not set EnableViewStateMac="false" thier i get MAC (Validation of viewstate MAC failed) error and on pages where i have set EnableViewStateMac="false" their i get

     

    The state information is invalid for this page and might be corrupted this error 

     

     this is my observation probably if i consider something else i would have some other observations to tell here.

     

    and yes few days back when i did rapid fire test then i have not got any error and that time i had done lot of clicks .

     

    so getting rid form one error has landed upon second error?

     

    is it a problem with ASP.NET? or this problem can be in PHP also?

    or its a firefox issue ?

    at times internet connection can be slow and would take some more time to load entire page. but the visible page has loaded completely.

     

    any user can click on any link to get going...

     

    any other observation or test or solution to get rid of both errors ??

     

    Wednesday, July 9, 2008 10:16 AM
  • User436664564 posted

    hi joteke.

    i have heard that your solution has a bad security issue. i saw a solution which says you need to assign postbackurl to the button that causes the problem but again somewhere i recieve that error messege too.

    Wednesday, July 9, 2008 1:55 PM
  • User1041601714 posted

    I have sent this already but needed to resend this again. Because  no one has wrote actual cause of this error. This topic is growing uncontrolled. Viewstate is the most important thing in asp.net. If there is no viewstate, there would be no asp.net. ASP.Net is a great language for web programming. Because it has viewstate. Actually we can write code like writing on windows platform. Everything is an object for us. But other old type of languages are HTML based. Only generating plain html texts. I think Microsoft asp.net team must change something on next versions of .net. Validation key mustn't change as much as like now. Must be predefined a random validation key in web.config before you write a code. Visual Studio can generate a random validation key. Or when it compiles again musn't change the old validation key and decryption Key. Must stay there the same keys for a long time as it could be.

    After a while people find in this topic, to set viewstate encryption to never is corrects the problem. But there is a better method for this error. Predefine a machine key in web.config. .Net is generating a machine key for you. But when your server restarts or iis restarts or program recompiles itself. Recompileation accurs mostly becasue project files are changing when you upload something. If you dont understand let me tell again. A visitor come to your web page and visited your tiny web form. But mostly this tiny form is very very important. The visitor didn't post anything and didn't closed the page for a while. At this moment you uploaded something and project recompiled again. The page is open allready at visitors PC. If visitor post this page happens a CRASH!!!. Validation key is not the same. It has changed. And again another thing. If browser caches the page tomorrow if another visitor comes. The visitor see the yesterdays page. The validation key is again different. He will post again and again. Everytime error happens. And then visitor tries 3 or 5 times and then abandon the site immediately.  This method is tested and proved itself. I think many people tried and this corrected their problem. 

    You will see a validation key and decription key below. This is a generated key for my web site. When program starts, it uses the same validation key every time. Some free tools are available. You can generate another validation key. When you put this in <system.web> in web.config, I think your problem will be solved.

    <machineKey
    validationKey="3ADC71AB988C34ED0E834AF43C11B42DA6F4FDCA3B8E558CF585851DC3A39D44FB0F2DE01C715F1B0FBEC309C6D5299084E4C0BAB593005628959CE8C688A122"
    decryptionKey="AA6DC22BF2281909AC6DF69746FD951EDF057F56F3A13B8CF50CD45665A81E62"
    validation="SHA1" decryption="AES" />

    http://www.orcsweb.com/articles/aspnetmachinekey.aspx  <--- You can generate your own validation key from this address.

    They say on this web site. This is only needed for web farms. This is not true. For a web farm it is very important but every developer must predefine a machine key on their important projects.

    And additionally; you can't know visitors errors unless you save error details or send e-mail to programmer. You can trace errors by global error handler.

        Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
            if context.Request.IsLocal=True then exit Sub 'By this way you could see error in yellow page.
            Dim ex As Exception = Server.GetLastError()
            EmailException(ex)
        End Sub

        Private Sub EmailException(ByVal ex As Exception)
            'Some code to send mail about error exception
        End Sub

    Wednesday, July 9, 2008 9:41 PM
  • User788228153 posted

    this worked for me got to make sure all the headers specify that your page should not be cached at any level.

     
     Response.ClearHeaders()
    
    Response.AppendHeader("Cache-Control", "no-cache") ' //HTTP 1.1
    
    Response.AppendHeader("Cache-Control", "private") ' // HTTP 1.1
    
    Response.AppendHeader("Cache-Control", "no-store") ' // HTTP 1.1
    
    Response.AppendHeader("Cache-Control", "must-revalidate") ' // HTTP 1.1
    
    Response.AppendHeader("Cache-Control", "max-stale=0") ' // HTTP 1.1
    
    Response.AppendHeader("Cache-Control", "post-check=0") ' // HTTP 1.1
    
    Response.AppendHeader("Cache-Control", "pre-check=0") ' // HTTP 1.1
    
    Response.AppendHeader("Pragma", "no-cache") ' // HTTP 1.1
    
    Response.AppendHeader("Keep-Alive", "timeout=3, max=993") ' // HTTP 1.1
    
    Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT") ' // HTTP 1.1 
     

    hope it helps. regards, nitin

    Wednesday, July 9, 2008 9:53 PM
  • User1041601714 posted

    Yes. This proves the theory. If anyone wants pages not to cached by browsers, this method also can be effective for this error. I tried something like this on my own codes. I found accidently. AppendHeader function clears last header. Every AppendHeader clear headers. All of these cache control paramaters actually work.  But last one is only stays. But machine key method is more stronger for situation. Because if someones page is stays there on browser 1 hour. And when your code recompiled, validation key changes. And If visitor posts back the page, the error will happen again if you use cache control. most of aspx files musnt be cached. And also can be used cache control. By this way visitors see fresh pages.

    Use this: Response.AppendHeader("Cache-Control", "no-cache; private; no-store; must-revalidate; max-stale=0; post-check=0; pre-check=0; max-age=0")

    But remember that, On javascript type responsing aspx files dont use cache control. In firefox generate errors. firefox assumes javascript code file is cached but never cache if you response with these headers. This cause javascript execution errors. Ex: <script src="jscode.aspx?ID=123" type="text/javascipt" ></script>    In jscode.aspx, dont use cache conrol. This happened to me. But I dont know maybe they corrected this error on new versions. Thank you. loginitin
     

    Wednesday, July 9, 2008 11:09 PM
  • User436664564 posted

    hi everybody. please don't post more and more unrelated things to this topic. just if you still have problem ( after putting validationkey and decryptionKey in <system.web> in web.config as mentioned above) let us know. otherwise more and more posts not only solve a problem but also create new ones!

    thank you!

    Thursday, July 10, 2008 3:14 AM
  • User-2116809643 posted

    I tried putting the validationKey and decryptionKey in web.config.  It seemed to work at first but when the IIS application pool was recycled, I then got a different error.  The error was "Padding is invalid and cannot be removed."

    I'm using shared hosting for the website concerned.  I've tried lots of "possible" workaround that I've seen suggested in this forum and on other sites on the web, but none has resolved the problem properly.

    I've decided that spending days trying and testing different workarounds that don't resolve the problem is no longer something I can continue to spend time and money on.

    When there is a proper solution for this problem, I shall implement it but until then, I simply cannot afford to keep testing and trying these things that "might" work.

    Thanks. 

     
     

    Thursday, July 10, 2008 3:48 AM
  • User1827421893 posted

    I am sending email error details to my mailbox. I could see every error on my page. So this error was happening rarely. I couldn't understand this for months long. I tried many things. I have never tried to set viewstate encription to never. This is the solition but naked viewstate is not good. The problem is caused from browser caching. Browser caches the page and then never load newer one. When your server restarted or program restarted. This happens too much because you upload 3-5 five program file and then program compiles from the beginning. This causes program to restart. Every restart changes the encription key for viewstate. Some visitors which came yesterday, they see the error page on their screen. Especially developers...  Solition is to set encription to never OR you must put a machine key tag on web.config file OR you could force browsers not to cache pages. You will see a validation key and decription key below. This is a generated key for my web site. When program starts, it uses the same validation key every time. Some free tools are available. You can generate another validation key. When you put this in <system.web> in web.config, I think your problem will be solved.

    <machineKey
    validationKey="3ADC71AB988C34ED0E834AF43C11B42DA6F4FDCA3B8E558CF585851DC3A39D44FB0F2DE01C715F1B0FBEC309C6D5299084E4C0BAB593005628959CE8C688A122"
    decryptionKey="AA6DC22BF2281909AC6DF69746FD951EDF057F56F3A13B8CF50CD45665A81E62"
    validation="SHA1" decryption="AES"

    http://www.orcsweb.com/articles/aspnetmachinekey.aspx  <--- You can generate your own validation key from this address.

    You could never know customers errors unless you save error details or sending e-mail. You can trace errors by global error handler.

        Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
            if context.Request.IsLocal=True then exit Sub 'By this way you could see error in yellow page.
            Dim ex As Exception = Server.GetLastError()
            EmailException(ex)
        End Sub

        Private Sub EmailException(ByVal ex As Exception)
            'Some code to send mail about error exception
        End Sub 

     

     

    HI,

    thanks my error is not yet solved.

    1) I am using master pages

    2) I have user controls on my page

    error occur sometime not everytime when page are clicked very quickly

    and probably user might not click this fast

    i have added above line in my web.config

    and error still occur when a heavy page with data controls is loading and before it completely loads i click on some link( for example register.aspx)

    even if that link is for a page ( register.aspx) is with a simple form and validations (including custom validation javascript).

    now I think better <strike>solution</strike>  option is using custom error page. 

    can you please help me this i have added error.aspx in my web.config  and created one page for handling this.

    and how do we make it global error page? to be displayed on error

    and how do we catch which error has occired on which page?

    help me please and if in C# then it would be greatfull.

    and this for surely does not exempt us from using try catch in our pages? 

    thanking you all once again for cooperating and helping.

     

     

     

    Tuesday, July 15, 2008 3:11 AM
  • User1041601714 posted

     Your heavy page is rendered slowly or it is concerned about size of your response. You can reduce render time of your page by setting some of unnecessary viewstates of controls. If these control never change and never need for next response. If they all come again from SQL again. They are useless to be added to viewstate. You can look your response HTML to know how much is your viewstate is big. Ex: <asp:TextBox ID="xxx" runat="server" EnableViewState="false"></asp:TextBox> Especially some of literal controls exhaust server cpu.

    Prolong the response time and also download time. Because response file get twice bigger. Content written as HTML and also encripted into viewstate. .net decrypt viewstate and then get all variables then page life time cycle continue. At end of response again it encrypt viewstate. If you want to speed up your page set some of your controls enableviewstate="false"

    On global.aspx  write Response.Redirect("/error.html") on Sub Application_Error, when error occurs this redirects to error.html It is very easy. Then you need to post exception details to your mail address. If your site is getting to much visitors, You could see unexpected errors by this way. But these are happen all time but programers don't know. Only visitors know these.


    Tuesday, July 15, 2008 10:27 AM
  • User1827421893 posted

     Your heavy page is rendered slowly or it is concerned about size of your response. You can reduce render time of your page by setting some of unnecessary viewstates of controls. If these control never change and never need for next response. If they all come again from SQL again. They are useless to be added to viewstate. You can look your response HTML to know how much is your viewstate is big. Ex: <asp:TextBox ID="xxx" runat="server" EnableViewState="false"></asp:TextBox> Especially some of literal controls exhaust server cpu. Reduce the response time and also download time. Because response file get twice bigger. Content written as HTML and also encripted into viewstate. .net decrypt viewstate and then get all variables then page life time cycle continue. At end of response again it encrypt viewstate. If you want to speed up your page set some of your controls enableviewstate="false"

    On global.aspx  write Response.Redirect("/error.html") on Sub Application_Error, when error occurs this redirects to error.html It is very easy. Then you need to post exception details to your mail address. If your site is getting to much visitors, You could see unexpected errors by this way. But these are happen all time but programers don't know. Only visitors know these.


     

    thank you for your reply.

    i have presently set custom error = error.aspx in my web.config

    in global.aspx i will add this line

    but how do i catch error

    i have written code to send email but catching error message is what i would appreciate


    thanks again for your reply. 

    Tuesday, July 15, 2008 12:38 PM