You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0

After you upgrade from Microsoft ASP.NET 1.1 to Microsoft ASP.NET 2.0, some ASP.NET-based applications may not function correctly. Additionally, when you access ASP.NET Web pages that have ViewState enabled, you may receive the following error message:

This problem occurs when the following conditions are true:

• The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry subkey is set to 1.
• ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The ReindaelManaged implementation has not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Therefore, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.

Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.

To work around this problem, change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data. To do this, follow these steps:

1. In a text editor such as Notepad, open the application-level Web.config file.
2. In the Web.config file, locate the <system.web> section.
3. Add the following <machineKey> section to in the <system.web> section:

   <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

4. Save the Web.config file.
5. Restart the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:
   iisreset

Important Theoretically, the 3DES algorithm is less secure than the AES (Rijndael) algorithm. We recommend that you use the AES algorithm whenever possible to help secure your system.

Steps to reproduce the problem

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Before you can reproduce this problem, you must set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry subkey to 1 to enable the FIPS-compliant algorithms policy.

Follow these steps, and then quit Registry Editor:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
3. On the Edit menu, click Modify.
4. Type 1, and then press ENTER.

Note You must restart the computer for the new setting to take effect.

To reproduce the problem, follow these steps:

1. In Visual Studio 2005, click New Web Site on the File menu, click ASP.NET Web Site under Templates, type DriveLetter:\Path\KB911722 in the Location box, and then click OK.
2. In Solution Explorer, right-click Default.aspx, and then click Open.
3. Replace the existing code with the following code.

   <%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   <html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
   	<title>Test Page for KB911722</title>
   </head>
   <body>
   <form id="Form1" runat="server" >
    <script language="C#" runat="server" > 
    public void Page_Load() 
    { 
    	Label1.Text = "EnableViewState attribute is set to " + Page.EnableViewState.ToString(); 
    } 
    </script> 
   
    <asp:Label id="Label1" runat="server" Text="text"></asp:Label>
   </form>
   </body>
   </html>

4. On the Debug menu, click Start Debugging.

You receive the error message that is mentioned in the "Symptoms" section.

For more information about the effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows XP, click the following article number to view the article in the Microsoft Knowledge Base: