Viewstate exception - asp.net

In our website (ASP.NET Forms, Sitecore 6.6), in the log files I find so many viewstate exceptions. But there is no obvious issues reported by the users.
Here is the exception, by referring to the log files I found that this issue mainly occurs in a particular page which has a viewstate like 20KB. Please help to sort out this issue.
5676 00:30:43 ERROR Application error.
Exception: System.Web.HttpException
Message: The client disconnected.
Source: System.Web
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Nested Exception
Exception: System.Web.UI.ViewStateException
Message: Invalid viewstate.
Client IP: xxx.xxx.xxx.249
Port: 53377
Referer: <URL>
Path: /<PATH>
User-Agent: Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25
ViewState: cT4jo/ieR1NMvyqfwH6MToZmW6E/oKO64RcFXyllzcXB84wiWN/j3WeRyXxUZWCnr9c6staUp76B0Zr7/IqYgWWS3qfiMu9xzpU61bB+TAjDz0IbVwSt0rvZoFh7M/tQGQWyRha4ieCH7B5wKu3hXexRTIWwvP0JLbNmnQyFnOdqTnJZXBYQtaTyzMva3Fy7Q9YNstymtd1XrO1WHvUsBS6CwyV8eUYZs3LWRvczf3Ixz2XRg2Y4fY4kpuXl+QJLkbhgnALcFeGe9ur1l8Gyq6EdhqRb0BOlK4ozKaq4hpUT6HWes9YP2DjCJCpa2wP47hqZ5DaAXrcN+R6UPOqYIl6TSIjNUCv35NPPozaFjItLGmZi6ee+PfxOSz4ejxgBJzV3KNf2/1Mr5GNI7uZWgw998CI0mtxtpuWjp5kZCAfKzSCX//Vv7030VBLAE4Gj1RYIek1WNuwDreglFE5Pt8uKMDOsJstt8tXGqyCVcxqQAnRyN51e3uuqbDvDL2yVXA6yv6QyaCD/XmIHcgz//HItyqlhEziyOx7MxwKzpMyLu/6g2poqKMoNWtnQwxw9JTVwijEf45Lai+BOmgMNITgyrmLDp7ioHgHFK0VSmrSxN2W+CBRyyXWfn3QAy8UQYpq1TdHEUnGbc3XTTfBYW/gj+mFGaEpM24hUi/gJBxU2r+/wG2XxHfsxgrq6kG5cM8Hzf4GHuSC4...
Nested Exception
Exception: System.FormatException
Message: Invalid length for a Base-64 char array or string.
Source: mscorlib
at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()

We have also seen this on our load balanced servers, specifically on pages where we use some form of ajax control (either ajax control toolkit, or home-grown).
The issue appears to be that the customer invokes some form of ajax request, then either closes their browser or goes to a different page either by a link or the browser back/forward controls.
One thing you can do, if you have control over when your response is sent to the client, is to do the following:
if(HttpContext.Current.Response.IsClientConnceted) {
//Send response
}
This should remove the error from your logs.

I've seen this same exception message in our logs for some time now and I have never been able to reproduce the issue until today, so I thought that I'd share my experience.
On a page using Ajax Update Panels, the user can first load the page. Then the user can invoke an Ajax request. If the user invokes another Ajax request, but hits the back button before the second Ajax request finished loading then the user is redirected to the previous page and the exception message is logged.
The user experience is not interrupted when this message is logged and therefore, the user doesn't know that anything happened behind the scenes. The exception message is accurate in terms of how view state is handled in the ASP.Net page life cycle.
I would say that the exception message is safe to ignore and you could likely find a solution to avoid having the exception message logged in the first place.
As a note, adding machine keys or addressing web server config settings has never helped me in any case regarding this exception message primarily because, in most cases, I was not using a web farm.

Related

What kind of attack is this: (="...?return="><noembed><img+src%3D...")

My server is throwing errors like this. I suppose some kind of attack is takign place. I have IIS7, Windows server 2012.
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.RawUrl value was detected from the client (="...?return="><noembed><img+src%3D...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_RawUrl()
at System.Web.UI.Page.ValidateRawUrlIfRequired()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
It is basically warning for a cross-site scripting attack (XSS): https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
This means somebody is trying to inject valid HTML into your webpage using the query-string. If your webserver is programmed to subsequently display this somewhere else (maybe a forum or something) then this opens up an attack vector. Other visiting users to your site might execute JavaScript code injected by the attacker.
To prevent this, ASP.NET by default does not allow certain content to appear in the query string, specifically anything that resembles valid HTML. This could be caused by an input-field somewhere on your website that does not correctly escape HTML characters OR someone is simply trying to attack you website. Either way, make sure to always escape user-controlled input correctly on the server or on the client (or both).
If you think your security is OK, then you can ignore this error as it is basically out of your control. ASP.NET simply detected the attack and blocked it.

Validation of viewstate MAC failed and anti XSRF issue

I know this was posted here so many times and had a valuable suggestions and suggested fixes. But none of them helped.
We have an e commerce site which is online ordering system. Our web site is hosted on IIS 7.0 with .net framework 4.0.(this is the only website running on IIS ). In our testing environment everything worked fine and we deployed it.
Now we are getting MAC ERROR when user is trying to access the site or if he is in the site and browsing to other pages, user is facing this error. Here is the stack trace.
Exception: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Stack Trace: System.Web.HttpException
Stack Trace:
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose) at System.Web.UI.HiddenFieldPageStatePersister.Load() at System.Web.UI.Page.LoadPageStateFromPersistenceMedium() at System.Web.UI.Page.LoadAllState() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_usagereports_index_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
We started getting this issue when we implemented a code to fix CSRF issue in the base page.
If we take out the code and tested with a user, we are not getting any error.
So far we have tried these solutions
1) Applied machine key to the website even though we are not web farm environment.
2) We don’t want to disable the enableviewstate to false or the viewstateencryption mode to never as it is preferred not to do that. We even tried this but didn’t help.
3) We tried assigning different combinations for the base.viewstateuserkey like combination of userhostaddress and user Agent but it didn't help.
4) We used Microsoft .net web protection library from this link
http://software-security.sans.org/developer-how-to/developer-guide-csrf
After this we started getting another error
Inner Exception Type: System.InvalidOperationException
Inner Exception: Validation of Anti-XSRF token failed.
Inner Stack Trace:
at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.signin_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Now we are getting two errors. MAC error and Anti XSRF error.
Searched on this error and I saw number of posts but i tried them. None of them helped.
Any suggestions on this are much appreciated.
Thanks in advance
The MAC for the ViewState is derived using the ANtiXsrfTokenKey generated in your master page. If the token is not present when the user accesses your site (cookies disabled or the value in the cookie changed or deleted) then the page will generate a new token. What then happens, if there is a ViewState in the page being posted back, is that the MAC will be checked with the new Token and won't match the old token, that is the first error you can see.
The Xsrf check in your master page is slightly confusing but uses the Xsrf token stored in a cookie and matches it to the value stored in the page. Usually these will match but if another site attempts to make an illegal request to your site, their site won't send the Xsrf cookie and the check will fail. The reason that this is confusing is that if you have a ViewState, this will fail before the Xsrf check.
Another issue with the Xsrf check is that it uses the logged in user's name as part of the check. If a user is logged in and then the auth cookie is deleted or expires, this part of the check will fail and you will see an Xsrf failure which is misleading, the real error is that "the authentication has expired causing the Xsrf check to fail".
I have re-worked the functions in Site.Master.cs several times to make these errors more clear.
Hope that helps.

Invalid Viewstate on Mobile Browsers Net 1.1 - Since 13 Feb 2014

Yesterday we started getting intermittent Invalid Viewstate errors in an ASP.NET website (1.1) that has been running perfectly for the past few years!
System.Web.HttpUnhandledException: Exception of type System.Web.HttpUnhandledException was thrown. ---> System.Web.HttpException: Invalid_Viewstate Client IP: xxx.xxx.xxx.xxx Port: 55415 User-Agent: UCWEB/2.0 (Linux; U; Adr 4.1.2; en-US; ST27i) U2/1.0.0 UCBrowser/8.7.0.315 U2/1.0.0 Mobile ViewState: dDwyMDMzMzIzOTc5O3Q8O2w8aTwz.....
Http-Referer: http://www.mysite.com/default.aspx Path: /default.aspx. ---> System.FormatException: Invalid length for a Base-64 char array. at System.Convert.FromBase64String(String s) at System.Web.UI.LosFormatter.Deserialize(String input) at System.Web.UI.Page.LoadPageStateFromPersistenceMedium() ....
The strange thing is we haven't made any changes to the code, problems just started on their own.
Have performed all the usual checks such as machine.config validation keys etc.
Finally managed to relieve the problem for desktop browser by turning off ViewStateMac:
<pages enableViewStateMac="False" />
Now in the logs the only browsers reporting the error are mobile browsers although we cannot reproduce the error with any desktop or mobile browsers ourselves :(
UPDATE
Looking through the logs we now suspect the cause of the error are some Windows Updates that were automatically installed yesterday.
Windows Updates that were auto installed 13 February 2014:
http://support.microsoft.com/kb/2898860
http://support.microsoft.com/kb/2901115
Is anybody else seeing Invalid_Viewstate in .net 1.1 since these updates were released?
There is no specific information about what the updates changed from MS.
Never set EnableViewStateMac=false.
The most likely cause of the error you're seeing is that requests are timing out, resulting in an incomplete payload being received by the server. Try bumping the value of <httpRuntime executionTimeout> in Web.config (doc here) if you expect to be dealing with slow clients.
We're using .NET 4.5, and I just saw the following exception in our web logs.
System.Web.HttpException (0x80004005): The state information is invalid for this page and might be corrupted.
---> System.Web.UI.ViewStateException: Invalid viewstate.
Client IP: [CENSORED]
Port: 52119
Referer: [CENSORED] Path: [CENSORED] (an ASPX page in our app)
ViewState: [CENSORED]
---> System.FormatException: Invalid length for a Base-64 char array or string.
at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose)
at System.Web.UI.ClientScriptManager.EnsureEventValidationFieldLoaded() --- End of inner exception stack trace ---
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.ClientScriptManager.EnsureEventValidationFieldLoaded()
at System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument)
at System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument)
at System.Web.UI.WebControls.HiddenField.LoadPostData(String postDataKey, NameValueCollection postCollection)
at System.Web.UI.WebControls.HiddenField.System.Web.UI.IPostBackDataHandler.LoadPostData(String postDataKey, NameValueCollection postCollection)
at System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
The user agent was:
User-Agent: UCWEB/2.0 (MIDP-2.0; U; Adr 2.3.5; en-US; TECNO_P3) U2/1.0.0 UCBrowser/9.1.1.420 U2/1.0.0 Mobile
It's not a spider, because the user actually reported the problem to us afterward. I installed the latest Android and iOS (iPad) versions of the browser, and tested our page using a workflow similar to what our logs showed for this user. The result was that the page seemed to work fine. So I am going to go back to the user and suggest that they may need to upgrade their UC Browser to the latest version.
According to http://en.wikipedia.org/wiki/UC_Browser, the browser attempts to improve performance using proxying and cloud compression; I could easily see that interfering with Viewstate if not done carefully. I also found the overall "smell" of the browser to be somewhat spammy, with excessive affiliate/content links, rating solicitation, etc. I will ask our support team to recommend that our user try a more mainstream browser.

Viewstate exception Validation of viewstate MAC failed

In our log files I find the following exception. (ASP.NET, Sitecore 6.6). Any ideas why this happens?
I referred to this post. My app is not in a server farm. Also this does not happen with every postback.
7776 02:11:53 ERROR Application error.
Exception: System.Web.HttpException
Message: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Source: System.Web
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Nested Exception
Exception: System.Web.UI.ViewStateException
Message: Invalid viewstate.
Client IP: xxx.xxx.xxx.201
Port: <PORT>
Referer: <URL>
Path: /<PAGE>
User-Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
ViewState: /wEPDwUJMzY0OTY5Mjg5D2QWAgIFEGRkFgQCAw9kFgJmD2QWAmYPZBYCAg4PZBYCZg9kFgQCAw8PFgQeFUN1cnJlbnRTZWxlY3Rpb25WYWx1ZQUkMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwHhRDdXJyZW50U2VsZWN0aW9uVGV4dAUVQWxsIENhdGVnb3JpZXMgKDY5NTEpZBYCAgEPZBYCZg9kFgICAQ8UKwACDxYGHgRUZXh0BRVBbGwgQ2F0ZWdvcmllcyAoNjk1MSkeBF8hU0ICAh4IQ3NzQ2xhc3MFB1Rvb2xCYXJkEBYBZhYBFCsAAmRkDxYBZhYBBXdUZWxlcmlrLldlYi5VSS5SYWRDb21ib0JveEl0ZW0sIFRlbGVyaWsuV2ViLlVJLCBWZXJzaW9uPTIwMTIuMi42MDcuMzUsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MTIxZmFlNzgxNjViYTNkNBYCAgIPFCsAAWQWAgIBDxQrAAIUKwACFCsAAg8WBB8EBQdUb29sQmFyHwMCAmQPFCsAARQrAAIPFgYfAgUVQWxsIENhdGVnb3JpZXMgKDY5NTEpHgVWYWx1ZQUkMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwHghTZWxlY3RlZGdkZA8UKwEBZhYBBXNUZWxlcmlrLldlYi5VSS5S...
please check this link
Root Cause
This exception appears because Controls using DataKeyNames require Viewstate to be encrypted. When Viewstate is encrypted (Default mode, Auto, is to encrypt if controls require that, otherwise not), Page adds field just before closing of the tag. But this hidden field might not have been rendered to the browser with long-running pages, and if you make a postback before it does, the browser initiates postback without this field (in form post collection). End result is that if this field is omitted on postback, the page doesn't know that Viewstate is encrypted and causes the aforementioned Exception. I.E. page expects to be fully-loaded before you make a postback.
And by the way similar problem is with event validation since __EVENTVALIDATION field is also rendered on the end of the form. This is a security feature that ensures that postback actions only come from events allowed and created by the server to help prevent spoofed postbacks. This feature is implemented by having controls register valid events when they render (as in, during their actual Render() methods). The end result is that at the bottom of your rendered tag, you'll see something like this: . When a postback occurs, ASP.NET uses the values stored in this hidden field to ensure that the button you clicked invokes a valid event. If it's not valid, you get the exception above.
The problem happens specifically when you postback before the EventValidation field has been rendered. If EventValidation is enabled (which it is, by default), but ASP.net doesn't see the hidden field when you postback, you also get the exception. If you submit a form before it has been entirely rendered, then chances are the EventValidation field has not yet been rendered, and thus ASP.NET cannot validate your click.
Workarounds
1. Set enableEventValidation to false and viewStateEncryptionMode to Never as follows:
This has the unwanted side-effect of disabling validation and encryption. On some sites, this may be ok to do, but it isn't a best practice, especially in publicly facing sites.
I have similar issue in my recent project.When I tried to find some help from google, the things that most people discussed are the following
Add machine key in web.config
<system.web>
<machineKey validationKey="..." decryptionKey="..." validation="SHA1" />
</system.web>
Set EnableViewStateMAC=False in web.config
<system.web>
<pages enableViewStateMac="False"/>
</system.web>
But all above solution did not work for me. Whenever I try to open application with IP address it works fine but if I tried open application with domain name it showed me "Viewstate MAC failed" error. I dig down to find out what an issue and finally I found solution, this error occurs when browser does not accept cookie from server.
Godaddy provides feature for domain forwarding with masking. One of my colleague set that feature on our application domain, IE and Safari have security Level that they does not accept cookies from third parties and Advertiser, therefore both these browser generated "Viewstate MAC failed" error.
You can set Security Level to Accept all cookie in IE
Tools > Internet Options > Privacy
and Move Setting slider bottom for the Value "Accept all Cookie".
Hope this solution will help other to get out of asp.net legacy error "Viewstate MAC failed".

The state information is invalid for this page and might be corrupted in internet explorer

I have used jquery for mbscrollable it working fine but when i run application in Internet Explorer it gives error on button which redirects to next page.
Error is:
The state information is invalid for this page and might be corrupted.
Server Error in '/maxnetecommerce' Application.
The state information is invalid for this page and might be corrupted.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: The state information is invalid for this page and might be corrupted.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FormatException: Invalid character in a Base-64 string.]
System.Convert.FromBase64String(String s) +0
System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +102
System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) +59
System.Web.UI.HiddenFieldPageStatePersister.Load() +124
[ViewStateException: Invalid viewstate.
Client IP: 182.72.17.210
Port: 54486
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.1; .NET4.0C)
ViewState: /wEPDwULLTEwMjY3ODM1MjEPFgIeB2VuZERhdGUFAjMwFgJmD2QWAgIDD2QWBgIFD2QWAmYPFgIeBFRleHQF+CE8ZGl2IGlkPSdtZW51Jz48dWwgY2xhc3M9J21lbnUnPjxsaSBpZD0nMCcgb25DbGljaz0nc2V0Q29va2llKDApJz48YSBocmVmPSdEZWZhdWx0LmFzcHgnIGNsYXNzPSdwYXJlbnQnPjxzcGFuPkhvbWU8L3NwYW4+PC9hPjwvbGk+PGxpIGlkPScxJyBvbkNsaWNrPSdzZXRDb29raWUoMSknPjxhIGhyZWY9J1JlZ2lzdGVyLmFzcHgnIGNsYXNzPSdwYXJlbnQnPjxzcGFuPlJlZ2lzdGVyPC9zcGFuPjwvYT48L2xpPjxsaSAgaWQ9JzInIG9uQ2xpY2s9J3NldENvb2tpZSgyKSc+PGEgaHJlZj0nTG9naW5QYWdlLmFzcHgnIGNsYXNzPSdwYXJlbnQnPjxzcGFuPkxvZ2luPC9zcGFuPjwvYT48L2xpPjxsaSBpZD0zIG9uQ2xpY2s9J3NldENvb2tpZSgzKScgPjxhIGhyZWY9JyMnIGNsYXNzPSdwYXJlbnQnPjxzcGFuPkJpa2VzPC9zcGFuPjwvYT48ZGl2Pjx1bD4gPGxpIGlkPTMgb25DbGljaz0nc2V0Q29va2llKDMpJyA+PGEgaHJlZj0nQ2F0ZWdvcnlGZWF0dXJlZFByb2R1Y3RzLmFzcHg/UGFyZW50Q2F0aWQ9MzUmU3ViQ2...]
[HttpException (0x80004005): The state information is invalid for this page and might be corrupted.]
System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +148
System.Web.UI.HiddenFieldPageStatePersister.Load() +10956310
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +11040040
System.Web.UI.Page.LoadAllState() +46
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11035559
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11035098
System.Web.UI.Page.ProcessRequest() +91
System.Web.UI.Page.ProcessRequest(HttpContext context) +240
ASP.default_aspx.ProcessRequest(HttpContext context) +52
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
But it works fine in Mozilla Firefox,
when i remove mbscrollable from page no error comes,
can anybody please tell me solution for this.
Thanks.
My guess is that you have a big view state, because the mb.scrollable keep all data on the same page, and usually this data are saved on viewstate.
To test that just check the source code of your rendered html to see if viewstate are real huge.
Then if it is just change the viewstate options on web.config. You can cut it in parts automatically on web.config. You can also find code on web that compress the viewstate. You can also disable the viewstate for your control and check if you do not have other problems and you do not needed.
Hope this help.
Most of the time we modify pages, which causes the shadow, copied files in the Temporary ASP.NET files folder to be regenerated. A user has a copy of the page that was requested before this change, and the user posts the page after the files in that folder were regenerated.
For more detail visit http://support.microsoft.com/kb/323744

Resources