Set enableViewStateMac to false or specify when using a web farm in a stateless load balance.

  • Article

 

Using enableViewStateMac requires that successive requests be forwarded to the same server (i.e. server affinity).  This feature is used to help prevent tampering of a page's view state; however, it does so based on an auto-generated validation key on the current server.  From this key, a message authentication code (MAC) is generated and sent in the ViewState back to the browser.  The problem is that if a POST back is performed and goes to a different server, you will get a nice little error message saying “Corrupt View State“.

To fix this, you can either set enableViewStateMac to false in the <pages> element or specify a common value for the validationKey attribute in the <machineKey> element across all servers (in the farm).

By the way, documentation says that this is OFF by default.  That is incorrect!  Go check machine.config!

    <!-- pages Attributes:
...
enableViewStateMac="[true|false]" // Default: false <- Even the comment says that it is false.
...
-->
<pages
...
enableViewStateMac= "true"
...
/>

Visit https://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfPagesSection.asp for more details.

Visit https://msdn.microsoft.com/msdnmag/issues/03/02/CuttingEdge/ for more details.