开发者

Even with ASP.NET 3.5, I am getting "Validation of viewstate MAC failed" error

问答 作者:

I found a lost of posts to solve this error: "Validation of viewstate MAC failed". I read that it is a ASP.NET 2.0 error which is also a bug. But I am using VS 2008 with ASP.NET 3.5 SP1. Why this error is coming in this version also?

I am using ASP TextBox controls. Some posts have mentioned that ASP TextBoxes generate this error, so I have set AutoPostBack of each TextBox to False.

How to get rid of this mess?

Code Added Below **

* Default.aspx *

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="FlexStock._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <!--<%@ Register Assembly="MSCaptcha" Namespace="MSCaptcha" TagPrefix="cc1" %>-->
    <link rel="Stylesheet" type="text/css" href="~/Styles/main.css" />
    <title>FlexStock@.NET - Gamma Edition</title>
</head>
<body id="LoginPageBody" class="loginPageBodyClass">
<img id="imgProductLogo" src="Styles/stockist_gamma.png" style="text-align:center;text-shadow:black;margin-left:500px" alt="Product Logo"/>
    <form id="loginForm" runat="server" class="loginForm" action="./Forms/selectCompany.aspx" >
    <div id="divMainLoginPage" runat="server">
        <div class="label">
            <asp:Label ID="lblUserName" runat="server" CssClass="LabelControls" AssociatedControlID="txtUserName">User Name: </asp:Label>     
        </div>

        <div class="value">
            <asp:TextBox ID="txtUserName"开发者_如何学Go runat="server" CssClass="TxtStyle" Width="199px" AutoPostBack="false"></asp:TextBox>
        </div>

        <div class="label">
            <asp:Label ID="lblPassword" runat="server" CssClass="LabelControls" AssociatedControlID="txtPassword">Password: </asp:Label>     
        </div>

        <div class="value">
            <asp:TextBox ID="txtPassword" runat="server" CssClass="TxtStyle" TextMode="Password" Width="199px" AutoPostBack="false"></asp:TextBox>        
        </div>

        <div class="label">
            <asp:Label ID="lblCaptcha" runat="server" Text="Security Check"></asp:Label>
        </div>

        <div class="value">
           <!-- <cc1:CaptchaControl ID="ccJoin" runat="server" CaptchaBackgroundNoise="none" CaptchaLength="5" CaptchaHeight="60" CaptchaWidth="200" CaptchaLineNoise="None" CaptchaMinTimeout="5" CaptchaMaxTimeout="240" />  -->
        </div>

        <div class="label">
            <asp:Label ID="lblEnterCaptcha" runat="server" Text="Enter Value"></asp:Label>
        </div>

        <div class="value">
            <asp:TextBox ID="txtCaptcha" runat="server" CssClass="TxtStyle" Width="199px" AutoPostBack="false"></asp:TextBox><br /><br />
            <asp:Button ID="btnLogin" runat="server" Width="60" Text="Login" CssClass="BtnStyle"/>
        </div>
    </div>
    </form>
    <img id="img1" src="Styles/impact_logo.png" style="text-align:right;text-shadow:black;margin-left:800px" />
</body>
</html>

selectCompany.aspx **

<%@ Page Title="" Language="C#" MasterPageFile="~/master1.Master" AutoEventWireup="true" CodeBehind="~/Forms/selectCompany.aspx.cs" Inherits="FlexStock.Forms.selectCompany" EnableViewStateMac="false" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    <link rel="Stylesheet" type="text/css" href="../Styles/selectCompany.css" />
    <link rel="Stylesheet" type="text/css" href="../Styles/main.css" /> 

</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">

   <form id="frmSelectCompany" enableviewstate="false">
        <div id="label" class="label" style="width:300px">
            <asp:Label ID="lblSelectCompany" runat="server" Text="Select Company or Create New"></asp:Label>
        </div>
        <div id="btnCreate" style="text-align:right">
            <asp:Button ID="btnCreateNew" runat="server" Text="Create New" CssClass="BtnStyle" />
        </div><br />

        <div id="divGrid">
        </div>

    </form>

</asp:Content>

This is a pretty common error to see. It's a security feature in ASP.NET that prevents someone from injecting additional controls onto the page after it has rendered, and posting those controls back to the server. It makes your website harder to hack.

Are you creating any input controls through javascript? If so, don't. Create the controls normally inside the web form and wrap them in a <div style='display:none;'> and display them when you need them.

Are you creating any controls dynamically within C#? - If you are, you must create them inside Page_Init, not Page_Load, otherwise ASP.NET won't recognise them as valid.

You can disable this security measure by setting EnableViewStateMac=False at the top of the aspx page, but I strongly advise against it.

继续阅读:asp.net-3.5

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9