asp.net錯誤解決：Unable to Validate Data in ASP.NET website

原文：http://www.codeproject.com/Articles/43637/Weird-Error-Unable-to-Validate-Data-in-ASP-NET-web

Have you ever come across a situation where your website which was working for the last couple of months gives a weird error"Unable to Validate Data". Yesterday, while working I found that my website which is already published in IIS throws

this error. Initially I thought the error might be with my code, but I found that everything is good with the code. So I looked forward to internet and found that this error comes when the

<code>viewstate</code>of a page cannot be decrypted when the response is received from the client.

When I looked at where the error was occurring (Target Site) I found:

Actually the problem is with the <code>viewstate</code>. The <code>viewstate</code>

is actually decrypted in the server using a secret Machine key which resides on the server. The interesting thing is the key gets regenerated after a certain time. Therefore when the user returns the<code>viewstate</code>, if the machine identified key is changed,

the decryption of<code>viewstate</code>fails and thus throws this nasty error.

The solution is simple. First of all, to solve the issue, I disabled the <code>ViewState</code>for the current page by putting <code>EnableViewState = false</code>. I even disabled this for the entire <code>viewstate</code>for the website usingWeb.config. But still the error.

Finally I used "<code>EnableViewStateMac =false</code>" in pages section. Voila, this cures the problem.

Just place the following between the system.web section and the site starts working.

Another solution that you might use as well is to place the machine key directly on yourweb.config, so that it always decrypts and encrypts using the static key values. To do this, you need to use the following:

To get deep knowledge on what makes this happen, I found some insight from the Internet and read some articles of MSDN. Let us talk a little on that note.

Say you made a request for a page in the server. After you place the request the server processes it, encrypts the viewstate that the server receives using the encryption mentioned. Basically it uses the key mentioned in the<code>Machine.config</code> to encrypt

the <code>viewstate</code>data. Finally it converts to Base64 and embeds into some hidden fields.

We can mention the machine key in <code>Web.config</code> too so that it uses it for the current website. You might use the<code>AutoGenerate</code>option too to enable/disable autogeneration of key during runtime.

1、pages節點修改：

2、生成 machinekey：

http://aspnetresources.com/tools/keycreator.aspx

把生成的machinekey 加入 webconfig對應的節點。

比如：&lt;machineKey validationKey="3FF1E929BC0534950B0920A7B59FA698BD02DFE8" decryptionKey="280450BB36319B474C996B506A95AEDF9B51211B1D2B7A77" decryption="3DES"  validation="SHA1"/&gt;

2014-07-10添加：實踐心得

3、如果多個子站點之間共享登陸帳号，得在不同的web.config裡設定同一個machineKey。