Error: Unable to Validate Data

Recently I have made some changes on my application after upload I have found this error:

Unable to validate data at
System.Web.Configuration.MachineKey.GetDecodedData(Byte[] buf, Byte[] modifier,
Int32 start, Int32 length, Int32& dataLength) at
System.Web.UI.LosFormatter.Deserialize(String input)

But I don't understand why this error was happening. Because I have changed on business logic not any architecture. After doing some r&d got the answer:)


Potential causes:

1.An application pool recycling between the time the viewstate was generated and the time that the user posts it back to the server (unlikely).
2.Modification of viewstate by firewalls/anti-virus software
3.A web farm where the machineKeys are not synchronized (not your issue).
4.Posting from one aspx page to another.

After studying various tutorial I have found that the problem is with the viewstate. The viewstate is actually decrypted in the server using a secret Machine key which resides on the server. The interesting thing is the key gets regenerated after a certain time. Therefore when the user returns the viewstate, if the machine identified key is changed, the decryption of viewstate fails and thus throws this nasty error.

Solution 1:

The solution is simple. First of all, to solve the issue, I disabled the ViewState for the current page by putting EnableViewState = false. I even disabled this for the entire viewstate for the website using Web.config. But still the error.

Finally I used "EnableViewStateMac =false" in pages section.this cause the problem.

<pages buffer="true" enableViewStateMac="flase"/>
</pages>

Just place the following between the system.web section and the site starts working.

Solution 2:

Second solution that we might use as well is to place the machine key directly on our web.config, so that it always decrypts and encrypts using the static key values. To do this, we need to use the following:

<machinekey validationkey="22E995276703B846C4AD0881EE3159FFCB376CD48B27F64
9A074815C83D5C925038938F6943555687582CBC186DB22E552FCDB4D46
124BAADEE85A857CC135BC"
decryptionkey="60588EB661A6483348C20F92659775872CB06427AF20733C"
validation="SHA1"></machinekey>

You can also try to use this site to generate validation key.

Viewstate & Machine config interaction:

When a request for a page in the server. After you place the request the server processes it, encrypts the viewstate that the server receives using the encryption mentioned. Basically it uses the key mentioned in the Machine.config to encrypt the viewstate data. Finally it converts to Base64 and embeds into some hidden fields.

We can mention the machine key in Web.config too so that it uses it for the current website. You might use the AutoGenerate option too to enable/disable autogeneration of key during runtime.
For more information visits.

For further study please visits: MS article