Thursday, January 04, 2007

Unable to validate data error in relation to machine key

I have experienced the following error on a production web site:

Unable to validate data

at System.Web.Configuration.MachineKey.GetDecodedData (Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Int32& dataLength)

Searching on the web, many developers seem to solve the problem at least partially by generating a static key as described in Microsoft's knowledge base.

This is a workaround but not an actual solution to the problem, at least in my scenario where my application runs in a dedicated application pool under limited privileges as described in

The fix is to run aspnet_regiis.exe –ga DOMAIN\USER where USER is the identity of the application pool. Also make sure the user is part of the IIS_WPG group.

This command gives not only access to the IIS metabase but also creates the registry keys required in


for the application pool to generate machine keys.


Nicki said...

Why would registry keys make a difference when it only gives the error occasionally?

Jacques L. Chereau said...

Who says it only gives the error occasionally?

Nicki said...

In my case the error appears sporadically, there is no server farm, only a single server. It appears every now and then, but not all the time.