When I look where the error is occurring(Target Site) I found:
Unable to validate data at
System.Web.Configuration.MachineKey.GetDecodedData(Byte buf, Byte modifier,
Int32 start, Int32 length, Int32& dataLength) at
Actually the problem is with the viewstate. The viewstate is actually decrypted in the server using a secret Machine key which resides on the server. The interesting thing is the key gets regenerated after a certain time. Therefore when the user returns the viewstate, if the machine identified key is changed, the decryption of viewstate fails and thus throws this nasty error.
SolutionThe solution is simple. First of all, to solve the issue, I disabled the ViewState for the current page by putting
EnableViewState = false. Even I have disabled this for the entire viewstate for the website using Web.config. But still the error.
Finally I have used "EnableViewStateMac =false" in pages section. Voila, this cures the problem.
<pages buffer="true" enableViewStateMac="flase"/>Just place the following between the system.web section and the site starts working.
Another solution that you might use as well is to place the machine key directly on your web.config, so that it always decrypts and encrypts using the static key values. To do this you need to use the following :
124BAADEE85A857CC135BC" decryptionkey="60588EB661A6483348C20F92659775872CB06427AF20733C" validation="SHA1"></machinekey>
You might use this site to Generate your validation key as well.
To get the deep knowledge on what makes this happen, I found some insight from Internet and reading some articles of msdn. Let us talk a little on that note.
Say you made a request for a page in the server. After you place the request the server processes it, encrypts the viewstate that the server receives using the encryption mentioned. Basically it uses the key mentioned in the Machine.config to encrypt the viewstate data. Finally it converts to Base64 and embed into some hidden fields.
We can mention the machine key in Web.config too so that it uses it for the current website. You might use AutoGenerate option too to enable/disable autogeneration of key during the runtime.
Your comments are welcome. Read Disclaimer Notice