|
Rank: Advanced Member Groups: Member
Joined: 6/5/2007 Posts: 76
|
Everything works perfect on local machine but when on server I get these errors at random
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
If I turn OFF automatic post back then it seems to work. If it is ON I get errors at random.
google says that it seems to be that the form is being post backed before the page has finished working. Therefore causing a viewstate error.
Note, that this is a single server and not in a cluster or webfarm.
Is the postback perhaps being fired to soon. How can I delay it?
|
|
Rank: Advanced Member Groups: Member
Joined: 2/11/2008 Posts: 37
|
Try adding the following to your page declaration and see if you get the problem still:
Code: HTML/ASPX
EnableEventValidation="false" ViewStateEncryptionMode="Never"
If this fixes the problem but you need event validation and/or viewstate encryption, you'll have to look at more complicated solutions which move some of the hidden fields from the bottom of the page to the top of the page.
|
|
Rank: Advanced Member Groups: Member
Joined: 6/5/2007 Posts: 76
|
Yep!
Pulled that off google and it seems to work, but I think this is a dirty fix rather than a solution, as turning those things off could cause problems of their own.
What do you mean by move hidden fields? I don't have any hidden fields just a few text boxes and the uploader.
|
|
Rank: Advanced Member Groups: Member
Joined: 2/11/2008 Posts: 37
|
The reason those "dirty fixes" work is because event validation creates its own hidden field at the bottom of your page. It's not there are design-time, just at run-time. When the page tries to postback before that hidden field is rendered, BAM you get an error. It's a microsoft bug if I do say so. If they would have rendered the silly field at the top nobody would be having this problem.
The reason for turning off viewstate encrypt is because if you have it on, and you have any control which uses DataKeys property, a hidden field is added at run-time to the bottom of your page which basically tells the system to make sure to encrypt the datakeys. This causes the same problem as above.
If you aren't using DataKeys on a page, keep the viewstate encrypted. If this is an intranet app, then you shouldn't have to worry about disabling event validation. That didn't even exist in .Net 1.x. Nothing will break because you disable event validation, it is just "less secure", not that I found it to be particularly secure, you should be validating your input anyway which to me renders their event validation as just an error-prone piece of excess.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,218
|
Code Monkey, thank you very much for sharing your in-depth knowledge on this matter!
|
|
Rank: Advanced Member Groups: Member
Joined: 6/5/2007 Posts: 76
|
Thanks
I'll turn it off and see how it goes.
I don't have a datakey on the page, just the uploader and two text boxes. Curious thing is that this only happens on the server, not locally, and then only when using the uploader, not on any other page of the website, including pages that make heavy use of dataviews.
Do you know how to switch this off just for the page behind (vb), as putting it in the web.config affects the whole site including pages that I will need encrypted.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,218
|
Paul Creedy wrote:Do you know how to switch this off just for the page behind (vb), as putting it in the web.config affects the whole site including pages that I will need encrypted. Hi Paul, I am not sure if I got your question correctly, but my understanding is Code Monkey's original reply is exactly about how to turn the validation off on a single page. <machineKey> is a related but different issue. I do not believe you can set <machineKey> on a per page basis. The very purpose of this setting is to have pages on the whole site or even multiple sites to use the same key to encrypt data. So if every page can have their own different key, it would render this option useless. Thanks
|
|
Rank: Advanced Member Groups: Member
Joined: 6/5/2007 Posts: 76
|
Hi
I set the code as code monkey and 'google' suggested, but in the web.config file of the site inside the <page .....> tag. <page EnableEventValidation="false" ViewStateEncryptionMode="Never" />
So that effects the whole site as it's in the web.config
I didn't realise you could apply the same code to the top of the individual page inside the page declaration instead of in the web.config
The penny didn't drop until I read the post again as I'd already set it in the web.config during a search on google.
|
|