So I was working on another problem today with trying to get FormsAuthentication working on IIS7.  I kept getting two different errors with one giving me an error, and the other just causing the system to always loop back to the login page.

It drove me up the wall for about 4 hours today and it turned out to be a simple solution that was not obvious as to why it was causing it to fail.

The random error message was two part with one message in Event Viewer and the other on the web page error message.

In the event viewer I was getting a message of

Viewstate verification failed. Reason: The viewstate supplied failed integrity check.

and on the web page I was getting

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

So I started checking out Google in the obvious locations like StackOverflow.com, MSDN.Com…  But all of them kept saying that it was a machine key issue.  So I put a machine key in my web.config and that did not fix it, so then I put one in the Machine.config and I was still getting the errors.

What was really bugging me was I had built a quick little admin page for allowing me to create users and then login as that user and it was working great. The redirects were working and I was not getting looped back to the login page all the time.  Finally towards the end of the day I started to check the admin page and the login page line by line.

The login page was actually created by our marketing office and they use Dreamweaver for everything.  I was incorporating the code into the pages to make it work.  Both of the pages had a form and then two text boxes and a button.  The button called the code behind with the functions being identical.  The only thing that I could see different was in the form tag the login.aspx page had an action attribute calling for a jump to the member page, and the admin form did not.

I removed the action attribute from the form tag and low and behold it started to work.  I went back and removed the machine keys from the machine.config and the web.config and it still works.

I can only assume that since the forms action is trying to happen at the same time as the click of the button running it’s code behind there is a conflict and the action of the form is trying to run at the same time as the authentication.  I’ll have to do some more testing on this to see how it is actually affecting it.