Solved: “Validation of viewstate MAC failed”

You may come across this error message when you get around in pages of your ASP.NET website:

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Background

ASP.NET uses view-state variable to rebuild pages after post-backs. The text of your buttons and the value of the form fields are the examples that this variable stores.

In order to prevent tempering attacks that try to play around with view-state data to force your webpage behave unexpectedly, web server validates the view-state data between page redirections. If the data doesn’t match, you receive the error message above.

Solution

The issue of unmatched view-state data could be related to server configuration or session cookie. Here are the most common root causes:

  • Web server and application pool configuration related issues. Read details in this Microsoft Support article
  • If you are using ViewStateUserKey to prevent Cross-site Request Forgery (CSRF) attacks, make sure the value you assign to this variable is the same in all pages. The most common usage is that assigning session ID or username to ViewStateUserKey. Your website might be losing the session between page redirections. Check these two StackOverflow topics for details: Link 1link 2
  • Redirecting the page right after setting session variables may be the issue. You should avoid using Response.Redirect in this case. Details
  • Antivirus software might be causing the issue. Add scanning exceptions for IIS and your application’s folders. Details

How to allow European characters in text fields by using regular expression?

You need input validation in your forms to keep your application secure. The best and easiest way to implement input validation is that using regular expressions (regex).

Here is a simple regex to make sure that only English alphabet is allowed in the text field for user’s first name:

<telerik:RadTextBox ID="txtFirstName" runat="server" Font-Size="Medium" Width="200px"></telerik:RadTextBox><span class="mandotaryField" title="Mandotary field"> *</span>
<asp:RegularExpressionValidator ID="regexFirstName" CssClass="ValidationMessage" SetFocusOnError="true" runat="server" Display="Dynamic" ValidationExpression="^[a-zA-Z]$" ControlToValidate="txtFirstName" ErrorMessage="Invalid name format"></asp:RegularExpressionValidator>

What if you want to allow more than English alphabet? Let’s say you have users from Europe so that you need your regex to accept European languages such as German, Italian, Spanish, Portuguese, Danish, Swedish, Irish, Albanian and more.

Use this regex to accept over 70 European (and some African) characters in your text field:

^[a-zA-Z\u00c0-\u017e]$

Here are the characters accepted by this regex:

ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿıŒœŠšŸŽž

More Information:

Solved: Error Creating Control – Failed to create designer Telerik.Web.UI

After playing with references in your project, you may end up seeing your beloved Telerik controls in this annoying error box:

untitled-2

Error Creating Control – objectName
Failed to create designer ‘Telerik.Web.UI.RadDopDownList…’

Solution

This root cause of this issue is that a mismatch between the Telerik DLLs you referenced and the Telerik controls you have in your page.

In order to fix this issue, simply remove your Telerik references and add the ones whose version number match with the controls in your page.