Search code examples
asp.netviewstatemachinekey

Viewstate Validation fails in web-farm - Usual suspects eliminated

I think that I've tried all of the standard responses to this problem, and I know that I've read hundreds of questions and posts about this problem, but none of them seem to have resolved it or shed any light on what the cause is in my scenario. (I'm 5 hours down and no nearer :-( )

  • I have a web-farm of 2 servers.

  • I have set the machine key and validation key in machine.config on both machines

  • Encryption: SHA1, Decryption: AES - These are the defaults, could it help to change them?

  • I have verified that no other config files in the chain (web.cfg, apphost etc.) have a setting for these values.

  • I have added a page to the site (based on this SO) that spits the machine key values back out, and verified that they are the same across requests to both machines and match the values that are in machine .config

  • The server side session state is in a shared state-server, I have verified that sessionid remains constant between requests to the 2 servers.

  • I have verified that the page is completely loaded and the __EVENTVALIDATION hidden field has been rendered into the page before initiating the post. The viewstate size is not too bad at 7.64kb

When a page is rendered from a request to server 1 and then posted back to server 2, I get the dreaded...

Error Message:

Unable to validate data.
at System.Web.Configuration.MachineKeySection.GetDecodedData(Byte[] buf, Byte[] modifier,   Int32 start, Int32 length, Int32& dataLength)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)   HttpApplication.RecordError => HttpApplication.RaiseOnError => global_asax.Application_Error

The post is triggered by a standard, unadulterated asp linkbutton, there is no ajax going on on the page.

Any and all help will be greatly appreciated.

Setting enableViewStateMAC = false is not a solution :-)

Solution

  • Having inherited the servers in the state that they were configured, I never questioned the validity of the keys!!! ...Just checked that they matched on both servers...

    Leaving all the encryption / decryption and validation algorithm settings as they were, I generated new keys using this tool which has a few more options than the others.

    Problem solved

    Moral of the story: If in doubt, generate new keys

    ... but why and how? Some postbacks with viewstate were working just fine with the old keys, it was only when the postback was to a different server that the problem became evident. If the keys were invalid - missing a character or something - then every postback should have failed - I think