Home > .NET, ASP.NET MVC > How To Fix the: “Validation of viewstate MAC failed” Error (ASP.NET MVC)

How To Fix the: “Validation of viewstate MAC failed” Error (ASP.NET MVC)

November 23rd, 2009

I run my site on a Windows Shared Hosting account, and every time I updated the assemblies on my ASP.NET MVC site I’d be presented with the “Validation of viewstate MAC failed” error.

The “Validation of viewstate MAC failed” error only occurred when a page contained an HTML form element that made use of MVC’s AntiForgeryToken. The quick fix was to delete my __RequestVerificationToken cookie, but the error would rear its ugly head the minute I touched my assemblies. The long term solution was to add a machineKey element to my Web.config file – asking visitors to delete a specific cookies when visiting my site was not a viable option.

How I fixed the “Validation of viewstate MAC failed” error on Shared Hosting:

  1. I used the <machineKey> Generator Tool to generate a machine key
  2. I added the machineKey element to my Web.config file

My Web.config now looks similar to this:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" />

Anyhow, I hope this post helps anyone else that’s encountering this error.

Oh wait, here’s the error in its entirety for The Google Machine’s crawlers:

Server Error in '/' Application.

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Author: Adam Kahtava Categories: .NET, ASP.NET MVC Tags:
  1. Christian
    February 24th, 2010 at 08:33 | #1

    Thank you for your post. I was trying to narrow down the issue and knowing that it’s the anti-forgery token will go a long way.

  2. Adam Kahtava
    February 25th, 2010 at 06:54 | #2

    Glad I could help. :)

  3. March 2nd, 2010 at 05:58 | #3

    Wow, this was really biting me and my team’s ass for a while, especially the whole “ViewState” part of it that made absolutely no sense whatsoever, as we don’t even use ASPX views in our MVC project, but NVelocity. Thus, no viewstate can in any way exist in our project, yet viewstate exceptions were being thrown all over the place.

    While I think Microsoft has made a huge mistake in basing the anti forgery token on the legacy viewstate mac validation algorithm (and even haven’t managed to mask this legacy in more intuitive and descriptive error messages), your solution works fine.

    I wish Microsoft could somehow demand or at least encourage the existence of in web.config in ASP.NET MVC projects, so this problem wouldn’t ever surface to begin with.

    Again: Thanks for your solution! :)

  4. Joe
    November 4th, 2010 at 12:56 | #4

    Wow, I wish your article appeared higher on the google results. I have tried numerous other solutions to no avail. Yours did the trick! Thanks.

  5. xinqikan
    December 6th, 2010 at 23:06 | #5

    Oh my god, it solve my problem, thanks

  6. August 27th, 2012 at 09:53 | #6

    Great Article! Quickly fixed my exact problem! Very detailed as well.. Thank you so much!

    - Dan

  7. Irfan
    August 21st, 2013 at 09:43 | #7

    Thank u so much
    it really helped us

  8. shivkumar singh
    December 19th, 2013 at 23:10 | #8

    Thanks! this good solution,solve my problem.

  1. January 28th, 2013 at 05:55 | #1