
Html.AntiForgeryToken() causing errors after upgrading to .NET 3.5 SP1

I've just updated to .NET 3.5 SP1 and my once working ASP.NET MVC page has now stopped working.

When trying to load a page I get the following YSOD

[CryptographicException: Padding is invalid and cannot be removed.]
   System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) +7596702
   System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +208
   System.Security.Cryptography.CryptoStream.FlushFinalBlock() +33
   System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) +225
   System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +195

[ViewStateException: Invalid viewstate. 
    Client IP: 127.0.0.1
    Port: 
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
    ViewState: hC6BC8KsuD/yoy2iG74bUZ8TYhGfuDDeIjh9fg/L18yr/E+1Nk/pjS5gyn9O+2jY
    Referer: http://localhost:1092/admin/product
    Path: /admin.aspx/product/edit/4193]

[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.]
   System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +106
   System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) +14
   System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +242
   System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) +4
   System.Web.Mvc.AntiForgeryTokenSerializer.Deserialize(String serializedToken) +73

If I remove the line

<%= Html.AntiForgeryToken() %>

everything works again. Any ideas what might be causing this? I would have expected more luck in finding a solution if this was an MVC or .NET issue, so I'm guessing it is something to do with my configuration.

I've tried reinstalling the MVC framework to see if it was because I installed before SP1, but I still get the same issue. Google and SO searches haven't resulted in any firm conclusions.

Remmus asked Feb 11 '09 13:02


2 Answers

Doh, just solved it.

Cleared my browser cache and cookies and everything works fine again.

Remmus answered Oct 10 '22 08:10


Clearing the browser cache isn't an option if the site is already deployed and you're doing maintenance including an ASP.NET MVC assembly update. Here's the solution I used:

@Html.AntiForgeryTokenReset() @* use this instead*@

Here is the extension method:

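using System;
using System.Web;
using System.Web.Mvc;

// Extension methods must live in a static class; this class name is illustrative.
public static class HtmlHelperExtensions
{
    public static MvcHtmlString AntiForgeryTokenReset(this HtmlHelper htmlHelper)
    {
        try
        {
            return htmlHelper.AntiForgeryToken();
        }
        catch (Exception)
        {
            // The existing token cookie could not be read: drop the cookies from
            // this request so the helper issues a fresh token and cookie.
            var request = HttpContext.Current.Request;
            request.Cookies.Clear();
            return htmlHelper.AntiForgeryToken();
        }
    }
}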

Jon Davis answered Oct 10 '22 07:10
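
A narrower variant of the `AntiForgeryTokenReset` helper above, as an added example that is not part of the original answer: `request.Cookies.Clear()` empties the whole request cookie collection and the bare catch retries after any exception, so this version removes only the anti-forgery cookie, rethrows when no such cookie was sent, and logs the discard. The class and method names are hypothetical, and the `__RequestVerificationToken` cookie-name prefix is an assumption about the application's configuration.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example; class and method names are hypothetical.
public static class AntiForgeryRecoveryExtensions
{
    // Assumption: the token cookie name starts with this prefix.
    // Change it if the application uses a different cookie name.
    private const string TokenCookiePrefix = "__RequestVerificationToken";

    public static MvcHtmlString AntiForgeryTokenScopedReset(this HtmlHelper htmlHelper)
    {
        try
        {
            return htmlHelper.AntiForgeryToken();
        }
        catch (Exception ex)
        {
            HttpRequestBase request = htmlHelper.ViewContext.HttpContext.Request;

            // Collect the matching cookie names before modifying the collection.
            string[] stale = request.Cookies.AllKeys
                .Where(n => n != null &&
                            n.StartsWith(TokenCookiePrefix, StringComparison.Ordinal))
                .ToArray();

            // No token cookie was sent, so the failure has another cause.
            if (stale.Length == 0) throw;

            // Log the event so discarded tokens are visible in monitoring.
            Trace.TraceWarning(
                "Discarding unreadable anti-forgery cookie ({0})", ex.GetType().Name);

            // Other cookies stay readable for the rest of this request.
            foreach (string name in stale) request.Cookies.Remove(name);

            // With the stale cookie gone, the helper issues a fresh token and cookie.
            return htmlHelper.AntiForgeryToken();
        }
    }
}
```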