验证视图状态 MAC 失败

原文摘自：http://blog.csdn.net/zlb789/archive/2008/01/03/2015949.aspx

验证视图状态 MAC 失败。如果此应用程序由网络场或群集承载，请确保 配置指定了相同的

这个错误的根源就是asp.net2.0 的GridView 经过一番搜索，找到以下的文章： http://aspadvice.com/blogs/joteke/archive/2006/02/02/15011.aspx http://forums.asp.net/1173230/ShowPost.aspx 分析后找到了问题的根源。首先，文章中提到，如果用GridView，并且指定了DataKeyNames属性，则出于安全的理由（因为DataKeyNames指定的字段代表数据的主键，且该主键值需要保存在视图状态中发送到客户端，用户如果篡改主键值，会导致安全问题），GridView会要求加密视图状态。为此会自动在页面表单</forms>之前添加一个<input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" /> 。然而，Atlas的UpdatePanel要求放置在<form></form>内部，也就是</form>之前。 

<pages validateRequest="false"/>改为: 

<pages enableEventValidation="False" viewStateEncryptionMode="Never" /> 

以下是英文: 

ASP.NET 2.0 and "Validation of ViewState Mac failed" exception 
If you get this Exception 

[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.] 

and 

you know *for sure* that you aren't using a web farm  
it seems that it appears when using built-in databound controls such as GridView, DetailsView or FormView which utilize DataKeyNames.  
it appears if you have a large page which loads slowly for any reason 
If following preconditions are true and you click a postbacking control/link while the Page hasn't loaded completely, you might get the "Validation of ViewState MAC failed" exception. In this case be sure to check following post on ASP.NET Forums where this has been discussed quite thoroughly : http://forums.asp.net/1173230/ShowPost.aspx 

It appears because GridView using DataKeyNames requires ViewState to be encrypted. And when ViewState is encrypted, Page adds <input type="hidden" name="__VIEWSTATEENCRYPTED" id="__VIEWSTATEENCRYPTED" value="" /> field just before closing of the <form> tag. But this hidden field might not bet yet rendered to the browser with long-running pages, and if you make a postback before it "gets down", browser initiates postback without this field (in form post collection) 

End result is that if this field is omitted on postback, Page doesn't "know" that viewstate is encrypted and causes the prementioned Exception. E.g Page expects to be fully-loaded before you can make a postback. And by the way similar problem is with event validation since __EVENTVALIDATION field is also rendered on the end of the form. 

A way to overcome the problem is to set in web.config  

<pages enableEventValidation="false" viewStateEncryptionMode ="Never" /> 

Just note the security implications of these!

最终改为:<pages enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false"/>  成功!!!!!!!!!!