Last post May 08, 2018 06:42 AM by Brando ZWZ
May 05, 2018 10:26 AM|nimit.g|LINK
I am getting the error Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
How to resolve it. Please help
Event code: 4009
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
Event time: 5/5/2018 3:21:14 PM
Event time (UTC): 5/5/2018 9:51:14 AM
Event ID: a8afb72819834f53aceb1eb36f7ba1be
Event sequence: 1012
Event occurrence: 3
Event detail code: 50203
Exception message: Invalid viewstate.
User-Agent: Mozilla/5.0 (Linux; Android 6.0; vivo 1601 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.126 Mobile Safari/537.36
May 05, 2018 10:50 AM|mgebhard|LINK
ViewState is encrypted using a machine key. By default the machine key is configured to auto generate. If we assume error was NOT due to malicious intent then the error is due to the application restarting while the user has a web form open in the browser.
The new machine key cannot decrypt the ViewState that was encrypted by a the prior machine key.
This error has been around a long time and a simple Google search will show how to fix this issue as well as how ViewState works.
May 08, 2018 06:42 AM|Brando ZWZ|LINK
Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
As mgebhard says, the ViewState is encrypted using a machine key.
As far as I know, to prevent this kind of tampering attack, the _VIEWSTATE field is protected by a message authentication code (MAC). ASP.NET validates the MAC that is submitted together with the __VIEWSTATE payload when a postback occurs. The key that is
used to calculate the MAC is specified in the application's element in the Web.config file. Because the attacker cannot guess the contents of the <machineKey> element, the attacker cannot provide a valid MAC if the attacker tries to tamper with the __VIEWSTATE
payload. ASP.NET will detect that a valid MAC hasn't been provided, and ASP.NET will reject the malicious request.
there are multiple reason why your application throw this exception.
1.The web application is running in a farm (multi-server environment)
2.The worker process uses the IIS 7.0 application pool identity
3.The application pool is configured by using LoadUserProfile=false
I suggest you could follow below MSDN Viewstate article to troubleshooting the reason and find solution by yourself.
Resolving view state message authentication code (MAC) errors