Viewstate Error in webpage - asp.net

The following error occurs when my webpage is idle for more than 5 min.
Error: Sys.WebForms.PageRequestManagerServerErrorException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Source File: http://www.dial4jobz.com/ScriptResource.axd?d=Xl5p0QQ_qaR3K9bIVhwC3LyqjOX_oAKyeLj_-uS5j1VoFExVtm3XAHiq64EGJt04xntLJvh-9y3pvN3dvKgg5b6sQwkFvX7GT4f0aKn7iyc1&t=73e6f815
Dono, wat is the cause of this error.. I'll open a web page and after 5 min when I'm accessing it, it is showing this sort of error.. I don't hav any clue that why this error occurs.. Plz, give me any idea???

use the below code and try
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
if u need more info kindly refer the link below,
http://blogs.msdn.com/tom/archive/2008/03/14/validation-of-viewstate-mac-failed-error.aspx
http://forums.asp.net/p/955145/1173230.aspx

I had the same issue, this is the two solutions I found and that might help if you are not using a WebFarm:
1. Disable ViewState MAC
On your page (.aspx) #Page directive you can add the attribute EnableViewStateMac="false". By doing this that will disable the check and then the issue will goes away.
Unfortunately Microsoft doesn't recommend to do this for security reasons:
This attribute should never be set to false in a production Web site,
even if the application or page does not use view state. The view
state MAC helps ensure the security of other ASP.NET functions in
addition to view state.
Source: Microsoft
2. Check HTML
There is a bug in ASP.Net causing this issue when the "action" attribute is set in your <form> tag. For example:
<form runat="server" action="page.aspx">
By removing this attribute that will remove the issue, so you should now have something like:
<form runat="server">
Obviously this solution may raise other issues, it depends on your application. One big problem is when using Ajax to load pages.
3. Avoid ViewStates
In some cases when using Ajax it could be very easy to get rid of ViewStates. You can send Ajax requests to your server for performing operations and then display the result, no need to use a ViewState. By doing this you won't have an issue about the ViewState validation.
I also found other suggestions on those pages that might help you if what said above doesn't fix your problem.

Hai vaishu,
Have a look at this validation-of-viewstate-mac-failed-error

Related

Validation of Viewstate MAC failed (Shared hosting Plesk)

I am using plesk'shared hosting server to host my website. Constantly getting ViewState MAC failed error
Plesk won't be able to provide any Machine Key. As it is shared hosting.
I have also attached the screenshot. please help.
Earlier This issue was coming in one page only. I have resolve it by converting it to JavaScript and ajax call in order to Stop AutoPostBack.
But now this is coming in many pagaes.
Add following link in your web.config file.
Above line should be included within section.
OR
if you don't want this solution to implemented on project level then you can add these attribute to the page(Top most line of HTML view) directive of the page which is creating issue.
That means you have to add enableEventValidation="false" viewStateEncryptionMode="Never" in page directive.

Failing to encrypt viewstateMAC

I need some explanation to this.
I've added a routing functionality to my website using the System.Web.Routing library. This has added some unexpected behaviors while trying to submit forms where an viewstateMAC error continuously is thrown. I've used the method in Appendix A to generate a clean machineKey and then located some of the problem to the use of view state encryption.
I'm now trying to set the view state encryption in my configuration file in order to pass the viewstateMAC correctly but I keep running into errors. If I set the parameter to 'Auto' or 'Never', the page simply reloads but never actually trigger any submit. On the other hand it seems as If the page is locked in PostBack as if I try to reload the page I get a confirmation box asking me if I want to post the form once again. If I set it to 'Always' I get a failed viewstatMAC in return. Either way nothing posts.
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" validateRequest="true" enableEventValidation="true" enableViewStateMac="false" enableViewState="true" viewStateEncryptionMode="Auto" maxPageStateFieldLength="400"/>
I guess the encryption is just a part of the problem. Either way I'd appreciate some explanations to why this error occurs while encrypting the viewstateMAC and what I should do to fix it.
I don't know if any code examples are required but please let me know if you want any.

"Validation of viewstate MAC failed. If this application is hosted by a Web Far..."

i am facing the dreaded:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Error.
Ok so i looking it up and found that it can be caused by two things, viewState which can not be verified by the page, and/or events that can not be validated.
I put
<pages enableEventValidation="false" enableViewStateMac="false" viewStateEncryptionMode="Never">
In my web.config to stop the problem, but that hardly seems like a fix to me.
The thing is, i never even used viewState in my application. I know that asp.net uses viewstate by default to store some things, but i doubt the default values stored here will cause any errors.
I noticed that the problem seems to happen when i postBack and the page has not finished loading yet.
Thanks
Edit: Please, can someone test my website www.vittoriosaStarsNursery.com and see if you get the error i got above? I dont get it locally but people keep telling me they are getting it.
Isnt this just a case of putting a one liner in your web.config
<machineKey decryptionKey="A4B12CCDD50E95F8GB9GFH6JKAT4Y0U0I2OF2DF2AAFE5AB46189C,IsolateApps" validation="AES" validationKey="480CDF2AS9S9AS5CFDGF0GHFH9JJH4KHKAKLJ2L9F3SAS82A6C16911A29EF48903783F94529C21570AACB72766FB38CD4CE7B85B0ACE3149DC5FC1CCF1AA1CECE3579659996593B06,IsolateApps"/>
One thing I have come across that causes this issue has to do with the recycling intervals of the app-pools on the webserver.
I found this by looking at the event information in Eventviewer/Application logs and the "Task Category" called "Web Event". Then for the time period that this event took place I looked to see if there were any recycled events that took place just before that (Eventviewer/System logs and the "Source" called "WAS".
By default an app-pool will recycle every 1740 minutes (29 hours). If this recycle happened while a user is busy on the site and send post back to the server, the server no longer recognizes the session/viewstate and rejects what is being posted back.
To overcome this from our perspective is to set the recycle event to happen at a specific time of the day when we don't expect activity on the site. In our case 3am in the morning.
Hope that helps someone out there.
You're not going to like my answer. This error is basically unavoidable in webforms. My solution was to leave webforms for MVC3 and razor.
I noticed that the problem seems to happen when i postBack and the
page has not finished loading yet.
this is one of the easiest ways to cause this error. In ASP.NET 3.5 (or 4.0) there's a setting that you can make sure viewstate gets loaded very early in the page to try to help diminish it. It still doesn't solve it.
Chunking the viewstate doesn't solve it.
There is just something inherently wrong to the way webforms works that this error will plague your application at random times forever.
At my site, this meta tag were causing the error:
<base href="http://www.SITEURL.COM" />
I have a dropdown, I update on another dropdowns changed selection. So when the postback happened (dropdown #2 changed index), I got the exception.
I've tried everything else from applying machinekey to web.config and setting theese attributes at the page
EnableViewState="false" EnableViewStateMac="false"
I am using VS 2010 against a Windows Web Server 2008 and what I eventually found was that I had two keys set for the same service in the appSettings section of webconfig. I went to IIS and checked the Application Settings on the virtual directory and got an error, fixed it in the WebConfig and the problem resolved. I did create a machine key but that did not fix the problem. Nor did the
pages (...) validateRequest="false" enableEventValidation="false"
enableViewStateMac="false" viewStateEncryptionMode ="Never"/
Settings. FWIW ...
I used this Microsoft article to create my own machineKey validationkey and decryptionKey. As others have stated, this can be placed within the system.web section of web.config, though there are security concerns if other people get hold of the key.
Well, yes i suppose disabling encrypted viewstate solves the problem but i have never tested it nor do I advise it. Viewstate stores the state of controls and is also very convenient for storing persistent variables.
Take for example you work for a garage and have a list of jobs. You go to a page that lists the jobs. Now you click a job which goes to another page appending the jobid (eg. job.aspx?id=1). On that page, there is a checkbox which marks the job as complete. Once you tick that checkbox, it posts data back to same page and writes to the database that the job is complete. But how does the server know which job to mark as complete because you have only posted back true or false from the checkbox. However, if the first time you load the job details page you record the job id in Viewstate, then when you post pack the checkbox, you can read in the jobid from the viewstate.
Why is it not good to use unencrypted viewstate?
Imagine what the server has to do to mark the job as complete. It probably has to run an sql command to update the database. Something like UPDATE jobs SET completed=GETDATE() WHERE id=1.
If your viewstate wasnt encrypted and i could add my own job id, I would put something like '; DELETE FROM jobs;' which would then cancel out the initial UPDATE command and delete ALL your jobs... not very good for the garage :)

Error:A potentially dangerous Request.Form value was detected from the client-- Allowing JavaScript to be submitted

We have a site were trusted users can add some Javascript tracking code into a text box for submitting, so naturally we have turned off Validation by adding the ValidateRequest="false" into the Page Directive.
However it we seem to be getting the error again all of a sudden : A potentially dangerous Request.Form value was detected from the client , Now we cant add ValidateRequest="false" into the Config or the Master page this page inherits from. So how do I allow Javascript to be posted, what is overridding the ValidateRequest?
We are using .Net 3.5
Probably something else, not the Page, is triggering the error due to the breaking changes made in the framework.. if you can't edit the web.config I fear you're pretty much stuck.

Can I use Ajax and ASP.NET Tracing on the same page?

I'm using an Ajax update panel and have recently added ASP.NET tracing code to aid in debugging. All of the sudden I started getting PageRequestManagerParseErrorExceptions when any Ajax code is executed.
For example:
Trace.Write("Done setting employeeId.");
Apparently this is because I am not allowed to use "server tracing" along with Ajax. (according to this post by Eilon Lipton).
Is this true? Am I not allowed to use the awesome ASP.NET tracing mechanism? It would be a shame.
Setting pageOutput="false" on the trace element in web.config seems to solve the problem.
Use ASP.NET tracing, but rather write to the normal diagnostics trace by setting the writeToDiagnosticsTrace attribute to "true" (this is on the trace element in your web.config file).

Resources