I currently have a .net web application on a cluster based system (Rackspace cloud). In web config I have set up the following machine key.
<machineKey validationKey='DE0...etc'
decryptionKey='A97...etc'
validation='SHA1'/>
We were getting quite a few of the following errors on a daily basis:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I did a bit of Googling and added the following. This has stopped all the previous errors. However, it may open the door for various hacking attacks.
<pages enableViewStateMac="false" />
However, I am finding now that I get the following errors:
The state information is invalid for this page and might be corrupted.
I am trying to work out what may be causing these two types of errors. Are they bots? Are they genuine web users? Are they hacking/malware attempts? Is this a normal occurrence and I should just ignore them…
Can anyone shed any light on this?
I don’t think they are Malware/hacking attempts – I have sometimes seen those myself when browsing sites.
The general cause I’ve seen is that the page hasn’t completed loading before the user initiates a postback – there is a hidden field that is rendered at the bottom of the form, and if that hasn’t been rendered to the browser when the user clicks a button, the server will reject the viewstate.
There’s quite an in-depth post about the issue, and some work-arounds here:
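An added illustration, not part of the question or answer above and not ASP.NET's own code: this Python sketch is a simplified model of a MAC-protected hidden state field (JSON body plus an appended HMAC-SHA1 tag, base64-encoded). It shows how the two errors in the question arise, and what is accepted once MAC checking is turned off. The keys, field layout and function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json

MAC_LEN = hashlib.sha1().digest_size  # 20-byte tag, matching validation='SHA1'

def protect(state, validation_key):
    """Serialize state, append HMAC-SHA1(key, body), base64 the result."""
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(validation_key, body, hashlib.sha1).digest()
    return base64.b64encode(body + tag).decode()

def load(field, validation_key, enable_mac=True):
    """Return the posted state, or raise ValueError naming the failure."""
    try:
        raw = base64.b64decode(field, validate=True)
    except ValueError:
        raise ValueError("state information is invalid") from None
    body, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    if enable_mac:
        expected = hmac.new(validation_key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC validation failed")
    try:
        return json.loads(body)
    except ValueError:
        raise ValueError("state information is invalid") from None

def outcome(field, key, enable_mac=True):
    try:
        return load(field, key, enable_mac)
    except ValueError as exc:
        return str(exc)

def demo():
    # All keys and values below are constructed sample data.
    shared, node_a, node_b = b"shared-key", b"node-A-key", b"node-B-key"
    state = {"cart_total": 10}
    field = protect(state, node_a)
    modified = protect({"cart_total": 0}, b"not-the-server-key")
    return {
        # Page rendered by node A, postback handled by node B (keys differ).
        "mismatched_keys": outcome(field, node_b),
        # Every node configured with the same validationKey.
        "shared_key": outcome(protect(state, shared), shared),
        # Postback sent before the hidden field finished loading, MAC off.
        "truncated_mac_off": outcome(field[:24], node_b, enable_mac=False),
        # Client-side change to the state: accepted with MAC off,
        "modified_mac_off": outcome(modified, shared, enable_mac=False),
        # rejected with MAC on.
        "modified_mac_on": outcome(modified, shared),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model, disabling the MAC check only moves truncated postbacks from the first error to the second, while state changed on the client passes through unchecked.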