DotNetNuke: “Validation of viewstate MAC failed” exception when using the DNN 7 login form in multiple tabs

Update 2013-04-18 It turned out, that this is not a bug, but a security feature in DNN. I’ve written an new blog post that describes a possible workaround.

This is the first blog post in my new DotNetNuke blog series. For a while now, I’m developing custom DotNetNuke modules and skins and I would like to share my experiences, problems and best practices, hoping that other users, developers or administrators can benefit from them when working with the DotNetNuke CMS. I’m using the Professional edition of DotNetNuke but most of the topics discussed in my blog posts are also related to the other editions (Community, Professional or Enterprise).

My first post is about a bug that I discovered in DotNetNuke login form. It can be easily reproduced in a blank DotNetNuke 7.0.3 environment with the following the step by step instruction:

  1. Make sure that you are logged out.
  2. Load the DNN portal’s start page in two browser tabs.
  3. Click the “Login” button in both tabs to open the login popup.
  4. Enter your credentials on the first tab and submit the form to log in.
  5. Switch to the second tab and try to log in on the second tab (using the same credentials).

Instead of being logged in in the second tab the login form is replaced by a DotNetNuke error page and the following System.Web.HttpException is logged:

[Thread:62][FATAL] DotNetNuke.Framework.PageBase - An error has occurred while loading page.
System.Web.HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.UI.ViewStateException: Invalid viewstate.
Client IP: ::1
Port: 64119
Referer: http://localhost:7003/login.aspx?ReturnUrl=/&popUp=true
Path: /Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
ViewState: 9NdsurNkQPp8U5spr0WuHQ8Al51OwxOWHeOuUi83Vf2fbOnYOCYKtoC0du2pECVvwnIM9JKMW/pHyJUixctMCehGWTDZPg8Yk3byUd4LQjnH5m+VDA/w0oXK9iUqYeAxPWa2QVzqDeuLgDtwv8jJulHu0UfEp+1AOGNev48AB/JHynG/9ZjNPG6wMR7RInTI+1B5dRwhpSOsZhmoUnOiw4qjRZDMwTSYxGs/34e+7Bv4qCjOTDEpwQBC6D7iiEprJeo9VLPFR1iw/9cYFdmRsPRFKgU+RKFHBYCX9mAtkyX1HX6DyiNA70ERlh4NttwiOeKN+FytmsOZoidwmt3LXxyAbTHsqH+NgTr65HDt4EWAWOAmGiyx91wej3DP8vhde9RGKlJNipCOrGtybiybeCbg7LfSvQ3jsv3vUALCwgKUfNTSS4L2aPQpPvVmJWb2QEar1fkRvQuCm84If2YZU4l0oKoUdK/dy/8bCGGow0/idGCfejX4ZqIIORCzvoextYCBc0e9uNSurgNFE0kD91fs7X3ilqaImk+j78M+x/39kzD3zBiA6v8YI/X9fW7ljSZLzmdsUKiZIXV6aiQDE4moULxD5zsbgvbunfjyrp46skVCaMgXEcrLrUQmDBmNy9xS2jNmrqYNOYmLIabHG8Z7V6VA5wHVr0HmY5Tdpgr5AVUYFdHobW3EiFkuckNecpOhwpJ8IAqsb5RUN5xpyUjnEyAQpJVmt1/UOkQSH69z/B0x9tFzB01SiUjFJ7IPHpiEEQzfEzM4h1QIyy0kcsjyM/goGOq4...
at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
[ERROR] DotNetNuke.Services.Exceptions.Exceptions - DotNetNuke.Services.Exceptions.PageLoadException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.UI.ViewStateException: Invalid viewstate.
Client IP: ::1
Port: 64119
Referer: http://localhost:7003/login.aspx?ReturnUrl=/&popUp=true
Path: /Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
ViewState: 9NdsurNkQPp8U5spr0WuHQ8Al51OwxOWHeOuUi83Vf2fbOnYOCYKtoC0du2pECVvwnIM9JKMW/pHyJUixctMCehGWTDZPg8Yk3byUd4LQjnH5m+VDA/w0oXK9iUqYeAxPWa2QVzqDeuLgDtwv8jJulHu0UfEp+1AOGNev48AB/JHynG/9ZjNPG6wMR7RInTI+1B5dRwhpSOsZhmoUnOiw4qjRZDMwTSYxGs/34e+7Bv4qCjOTDEpwQBC6D7iiEprJeo9VLPFR1iw/9cYFdmRsPRFKgU+RKFHBYCX9mAtkyX1HX6DyiNA70ERlh4NttwiOeKN+FytmsOZoidwmt3LXxyAbTHsqH+NgTr65HDt4EWAWOAmGiyx91wej3DP8vhde9RGKlJNipCOrGtybiybeCbg7LfSvQ3jsv3vUALCwgKUfNTSS4L2aPQpPvVmJWb2QEar1fkRvQuCm84If2YZU4l0oKoUdK/dy/8bCGGow0/idGCfejX4ZqIIORCzvoextYCBc0e9uNSurgNFE0kD91fs7X3ilqaImk+j78M+x/39kzD3zBiA6v8YI/X9fW7ljSZLzmdsUKiZIXV6aiQDE4moULxD5zsbgvbunfjyrp46skVCaMgXEcrLrUQmDBmNy9xS2jNmrqYNOYmLIabHG8Z7V6VA5wHVr0HmY5Tdpgr5AVUYFdHobW3EiFkuckNecpOhwpJ8IAqsb5RUN5xpyUjnEyAQpJVmt1/UOkQSH69z/B0x9tFzB01SiUjFJ7IPHpiEEQzfEzM4h1QIyy0kcsjyM/goGOq4...
--- End of inner exception stack trace ---
at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---

I hope that this bug is being fixed in a future release…

Comments

    Leave a comment

    Your email address will not be published. Required fields are marked *

    *