This article was previously published under Q324488
This article has been archived. It is offered "as is" and will no longer be updated.
You may experience the following problems:
You receive the following error message in the browser:
The View State is invalid for this page and might be corrupted.
When a user uses forms authentication, the user is redirected to the logon page after the user was authenticated previously. If the user requests the page again, the request succeeds, and the user is not redirected to the logon page.
NOTE: This problem does not occur frequently (several times for every million requests).
NOTE: This problem can show up in a few different ways. These symptoms are the most common examples.
Message Authentication Code (MAC) is used to determine whether a message that is sent over a channel that is not secure has been tampered with, provided that the sender and the receiver share a secret key.
The sender computes the MAC for the original data and sends both as a single message. The receiver recomputes the MAC on the received message and verifies that the computed MAC matches the transmitted MAC. Any change to the data or to the MAC results in a mismatch because knowledge of the secret key is required to change the message and to reproduce the correct MAC. Therefore, if the codes match, the message is authenticated.
The problem that is addressed with this fix is a race condition between the MAC computation and the garbage collector, which causes an invalid MAC to be produced. Because this is a race condition, the problem occurs more frequently on multi-processor computers because concurrency between the code that is being executed to compute the MAC and the garbage collector is more frequent.
If you experience a problem with view state, set the EnableViewStateMac page directive to false in testing, and see if the frequency of the problem is reduced to determine if you are experiencing this specific problem.
NOTE: Only set the EnableViewStateMac page directive to false in testing because this reduces security.
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft .NET Framework service pack that contains this hotfix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File Name -------------------------------------------------------- 19-Jun-2002 15:42 1.0.3705.290 1,953,792 Mscorlib.dll 18-Jun-2002 00:58 1.0.3705.290 2,265,088 Mscorsvr.dll 18-Jun-2002 00:59 1.0.3705.290 2,265,088 Mscorwks.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
If your experience this problem much more frequently than several times in a million requests, you may have multiple problems, or you may have a completely different problem (for example, the machine key is not synched up between the different servers if you are running a Web farm).