
Validation of viewstate MAC failed.

We have been receiving 100s of this error:

----------
Validation of viewstate MAC failed. If this application is hosted by a
Web Farm or cluster, ensure that <machineKey> configuration specifies
the same validationKey and validation algorithm. AutoGenerate cannot
be used in a cluster.
----------

Since we aren't using a Web Farm or Cluster, that's not the issue. The
machine key is correct. I believe this is related to large/slow
loading pages not being done rendering when the post back happens.
Therefore the __EVENTVIEWSTATE form value is not yet set and
subsequently not sent with the form.

What are the security implications of setting
enableEventValidation="false" in my web.config?

Thank you.
-G

May 10 '07 #1
enableEventValidation checks that postbacks are from enabled controls,
and that the posted select values are in the rendered list. It has no
effect on the error message you are receiving.

Most likely the application is recycling between render and postback.
This causes a new key to be generated and your error. You can fix the
key in the web config and avoid this.

-- bruce (sqlwork.com)

May 10 '07 #2
enableEventValidation is probably not what you need to look at. What that
controls is whether the Form elements in a postback are the same that were
on the original page, and has more to do with adding controls or dropdownlist
elements programmatically (for example).

ValidateRequest is more like what you want to be looking at. Also, see if
you really need ViewState enabled on all your controls or the page, to cut
down on its size.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net



May 10 '07 #3
We already use a fixed key in our web.config.


May 10 '07 #4
The current web.config contains:
<pages validateRequest="false" enableEventValidation="true"/>

May 10 '07 #5
You should probably reduce your viewstate size (< 1k). If you cannot,
then you probably need to set viewStateEncryptionMode to never and turn
off enableEventValidation.

The security risk you face is that your site is easier to hack. Because
the viewstate is not encrypted, hackers can change values in the viewstate,
send values not included in a dropdown list and press buttons you may
have disabled. As long as your site does not trust any postback values,
and validates button clicks, then you are fine.

Cross-site scripting and SQL injection are the most common risks if you
do not do the above validation.

-- bruce (sqlwork.com)

May 10 '07 #6
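
What "does not trust any postback values, and validates button clicks" can look like in a WebForms code-behind, as an added example that is not code from the thread. The control ID, the "Editor" role, the "Prefs" connection string and the UserPrefs table are hypothetical.

```csharp
// Added example: hypothetical page, control, role, connection string and table names.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;
using System.Web.UI.WebControls;

public class PreferencesPage : Page
{
    // Normally generated in the designer file; declared here for completeness.
    protected DropDownList RegionList;

    // Server-side list of the values the dropdown is populated from.
    private static readonly HashSet<string> AllowedRegions =
        new HashSet<string>(StringComparer.Ordinal) { "NA", "EU", "APAC" };

    // Click handler for a Save button that is rendered disabled for read-only users.
    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Validate the click: a disabled button is only a UI hint, so re-check on the server.
        if (!User.IsInRole("Editor"))
        { Response.StatusCode = 403; return; }

        // Do not trust the posted value: read the raw field and accept it
        // only if it is one of the values the server offered.
        string region = Request.Form[RegionList.UniqueID];
        if (region == null || !AllowedRegions.Contains(region))
        { Response.StatusCode = 400; return; }

        // Parameterized command, so the value is never parsed as SQL.
        string cs = ConfigurationManager.ConnectionStrings["Prefs"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "UPDATE UserPrefs SET Region = @region WHERE UserName = @user", conn))
        {
            cmd.Parameters.Add("@region", SqlDbType.NVarChar, 10).Value = region;
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = User.Identity.Name;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```
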
Well, we shouldn't be using viewstate anywhere anyhow, it's disabled
wherever possible.

Thanks.


May 10 '07 #7
