Maintaining ViewState consistency in a web farm environment

Originally written on June 2006 

This message is relevant to all of us who build ASP.Net applications that are being deployed into a Web Farm/Garden. A small modification will have to be done in the web.config to avoid view state inconsistencies.

The problem is that the ViewState on ASP.Net pages are encoded based on a Key. By default an application will use the key on the machine.config file, which is auto generated, thus, different in every machine (server). If an application runs in a web farm, then there is a potential of having inconsistencies in the way the ViewState is encoded/decoded.

The solution is to set a the key used for encoding in the web.config… and setting it to a static key. This way all the encoding/decoding of the ViewState will be done with the same Key, and there will be no problems. Plus the Key will have an application scope, instead of a Server scope (which has when uses the machine.config).

The setting in the web.config is something like this (the one below is an example only):

  <machineKey validationKey=”21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4″  decryptionKey=”261F793EB53B761503AC445E0CA28DA44AA9B3CF06263B77″ validation=”SHA1″ />

It is recommended to have different key setting for each application. Here are a key generator:

Machine Key Generator

So, basically, if our application is on a web farm, or we think it will be, it is recommended to add a machine key section in our web.config.

Author: ricardocovo

Senior Software Architect/Developer with extensive experience in web related technologies.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: