Originally written on June 2006
This message is relevant to all of us who build ASP.Net applications that are being deployed into a Web Farm/Garden. A small modification will have to be done in the web.config to avoid view state inconsistencies.
The problem is that the ViewState on ASP.Net pages are encoded based on a Key. By default an application will use the key on the machine.config file, which is auto generated, thus, different in every machine (server). If an application runs in a web farm, then there is a potential of having inconsistencies in the way the ViewState is encoded/decoded.
The solution is to set a the key used for encoding in the web.config… and setting it to a static key. This way all the encoding/decoding of the ViewState will be done with the same Key, and there will be no problems. Plus the Key will have an application scope, instead of a Server scope (which has when uses the machine.config).
The setting in the web.config is something like this (the one below is an example only):
<machineKey validationKey=”21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4″ decryptionKey=”261F793EB53B761503AC445E0CA28DA44AA9B3CF06263B77″ validation=”SHA1″ />
<!– OTHER SETTINGS –>
It is recommended to have different key setting for each application. Here are a key generator:
So, basically, if our application is on a web farm, or we think it will be, it is recommended to add a machine key section in our web.config.