Error on MVC application debug : Validation of viewstate MAC failed
Starting form now, for the first time, I am getting this error when I start debugging my MVC application
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Full stack trace
[ViewStateException: Invalid viewstate.
Client IP: 127.0.0.1
Port:
Referer:
Path: /Login/LogOn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
ViewState: Fvq7WNUu+qCC00VbTIOTUuBvK4YHjxp3RubwsrFYW93hKlF7I4GLzaNHceRqjjJB0GwvRPWwlwE6brhAZAo+Mp191B/C+l8Dw/w7aQBDCpWGC3ox6hkSeZp10vbjm9eJFQZmGSPyC1rKYwApBBaz0Q==]
[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.]
System.Web.UI.ViewStateException.ThrowError(Exception inner, String pe开发者_如何转开发rsistedState, String errorPageMessage, Boolean macValidationError) +198
System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) +14
System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +274
System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) +4
System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) +176
What does this means?
Please note: the error happens only during debug. When I deploy the app on local IIS everything works. It appears on the following code in my master page
<form id="__AjaxAntiForgeryForm" action="#" method="post">
<%= Html.AntiForgeryToken() %>
</form>
The immediate reason why this is happening is because of the antiforgery cookie getting invalidated. Closing and reopening the browser should fix the issue. You could alternatively try deleting the cookie associated with your test site.
Now for the underlying cause, this usually happens either because
- you are in a web farm scenario and your various servers are not confiured the same way (but you're saying that's not the case)
- the application changes the autogenerated MAC because of changes you are making to your apps configuration
- you recently applied a patch to fix the Asp.Net ViewState encryption vulnerability (which changed the way that encryption is performed in asp.net).
Any of this sound familiar?
We had a similar issue after patching the server to fix the ASP.NET vulnerability when viewed on machines without KB2416471 installed.
精彩评论