I have the dreaded Validation of viewstate MAC failed problem from time to time. I run my application in a web farm and have set the machine key of the application to the same value on all web servers.
I have been doing some experiments and now I have two questions regarding the anti forgery token mechanism:
1. I seem to get this error even though I’m not calling any action with the [ValidateAntiForgeryToken] attribute (the problem seems to appear when rendering the token in the view). Why is this happening? Isn’t the validation supposed to only run when the attribute is present? The problem disappears if the __RequestVerificationToken cookie is removed.
2. Isn’t the __RequestVerificationToken cookie supposed to be a session cookie and thus be invalid as the session expires? This doesn’t seem to be the case?
Stack trace:
A required anti-forgery token was not supplied or was invalid
at System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken)
at System.Web.Mvc.HtmlHelper.GetAntiForgeryTokenAndSetCookie(String salt, String domain, String path)
at System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path)
at System.Web.Mvc.HtmlHelper.AntiForgeryToken()
at ASP.views_customer__customerlogin_ascx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at System.Web.Mvc.ViewPage.Render(HtmlTextWriter writer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.Mvc.ViewUserControl.ViewUserControlContainerPage.ProcessRequest(HttpContext context)
at System.Web.Mvc.ViewPage.RenderView(ViewContext viewContext)
at System.Web.Mvc.ViewUserControl.RenderViewAndRestoreContentType(ViewPage containerPage, ViewContext viewContext)
at System.Web.Mvc.HtmlHelper.RenderPartialInternal(String partialViewName, ViewDataDictionary viewData, Object model, TextWriter writer, ViewEngineCollection viewEngineCollection)
at System.Web.Mvc.Html.RenderPartialExtensions.RenderPartial(HtmlHelper htmlHelper, String partialViewName, Object model)
at ASP.views_cart_index_aspx.__Rendercontainer_main(HtmlTextWriter __w, Control parameterContainer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at ASP.views_shared_site_master.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at System.Web.Mvc.ViewPage.Render(HtmlTextWriter writer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.Mvc.ViewPage.ProcessRequest(HttpContext context)
at ASP.views_cart_index_aspx.ProcessRequest(HttpContext context)
at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.<>c__DisplayClass1.b__0()
at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.<>c__DisplayClass4.b__3()
at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.Wrap[TResult](Func`1 func)
at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.Wrap(Action action)
at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
Inner exception
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
[ValidateAntiForgeryToken] attribute verify the token and may raise this exception. __RequestVerificationToken cookie has no relation to any session and never times out. The verification consists of checking the equality of the cookie value with the POSTed value from the hidden field.
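The stack trace in the question shows Deserialize being called from GetAntiForgeryTokenAndSetCookie, which is the render path, so a cookie the current node cannot verify fails on a plain GET. The following is an added example, not part of the original posts and not ASP.NET MVC's own code: a simplified model of that flow in which FarmNode, Protect, Unprotect, Render, Validate and both key strings are constructed for illustration. It assumes a token format of value plus an HMAC-SHA256 tag, which is not the real serialization.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model of one farm node. Assumption: token = value + "." + base64(HMAC-SHA256(value)).
class FarmNode
{
    private readonly byte[] key;
    public FarmNode(string validationKey) { key = Encoding.UTF8.GetBytes(validationKey); }
    private string Protect(string value)
    {
        using (var hmac = new HMACSHA256(key))
            return value + "." + Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(value)));
    }
    // Stands in for AntiForgeryDataSerializer.Deserialize: throws if the MAC was made with another key.
    private string Unprotect(string token)
    {
        int dot = token.LastIndexOf('.');
        string value = dot < 0 ? "" : token.Substring(0, dot);
        byte[] a = Encoding.UTF8.GetBytes(Protect(value)), b = Encoding.UTF8.GetBytes(token);
        int diff = a.Length ^ b.Length;               // compare without an early exit
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        if (dot < 0 || diff != 0) throw new CryptographicException("token MAC failed");
        return value;
    }
    // Render path (plain GET, no [ValidateAntiForgeryToken]): an existing cookie is
    // deserialized first so that its value can be reused for the hidden field.
    public string Render(ref string cookie)
    {
        string value = cookie == null ? Guid.NewGuid().ToString("N") : Unprotect(cookie);
        cookie = Protect(value);
        return Protect(value);                        // hidden form field
    }
    // POST path: both tokens must deserialize and carry the same value.
    public bool Validate(string cookie, string field) { return Unprotect(cookie) == Unprotect(field); }
}

static class Demo
{
    static void Main()
    {
        var a = new FarmNode("constructed-key-1"); var same = new FarmNode("constructed-key-1");
        var other = new FarmNode("constructed-key-2"); // node whose validation key differs
        string cookie = null;                          // first visit: no cookie yet
        string field = a.Render(ref cookie);
        Console.WriteLine("same key, POST validates: " + same.Validate(cookie, field));
        try { other.Render(ref cookie); }              // GET only, still verifies the cookie
        catch (CryptographicException e) { Console.WriteLine("render on other node: " + e.Message); }
    }
}
```

In this model a request that arrives without the cookie takes the `cookie == null` branch and gets a fresh token, which matches the observation in the question that removing the cookie makes the error go away.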