Knowledgebase: DotNetNuke
Validation of viewstate MAC failed- Server Error in '/' Application
Posted by Sean Syed on 27 November 2013 11:40 PM

Error: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Background:

Viewstate is the process used by an ASP.NET Web page to persist changes to the state of a Web Form across postbacks e.g when a page post's back (such as after a submit button or asp.net server control is clicked), when the page reappears the various form fields still contain their data. This is because ASP .NET maintains the page (or view) state via the use of a hidden field placed on each page with a control.

DotNetNuke has viewstate enabled by default, so module developers should take care to not use unnecessary server controls, or to disable viewstate at the control level, to ensure viewstate does not get too large and impact performance.

Encryption:

Viewstate encryption is a best practice and a good way to provide an additional level of security. This was enabled as the default for the 5.6.1 release, but is a recommended practice for all versions, to make this change add the viewStateEncryptionMode attribute to the pages node in web.config and set it to Always i.e.

Fix:

Edit the following line in your web.config file and set these values to false

<pages validateRequest="false" enableViewStateMac="true" enableEventValidation="false" viewStateEncryptionMode="Always">
(3 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).