0

I'm trying to use a post method in a form using asp and C# , but Validation of viewstate MAC failed error happens here is my code :

<body>
  <div class="clearfix">
    <label>User Name : </label>
    <input id="u" runat="server"/>
  </div>
  <div class="clearfix">
    <label>Password : </label>
    <input id="p" runat="server" />
   </div>
   <asp:Button runat="server" Text="Enter"/>
   <label id="notificationLabel" />
</body>

i tried both adding machin key to web config that didnt work . just like this : 

<machinekey validation="SHA1" validationkey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1B2C3D4E5" decryption="Auto" decryptionkey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1" />

also in admin.aspx page i added these but still not working :

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="admin.aspx.cs" Inherits="admin" EnableEventValidation="false" ViewStateEncryptionMode="Never" ViewStateMode="Disabled" EnableViewStateMac="false" EnableViewState="false" %>
Majid khalili
  • 520
  • 1
  • 4
  • 24
  • With just code like this, you shouldn't have a problem with MAC validation (although the button and inputs should be `runat="server"`). To get the error, you need to be doing something wrong, like manually changing the viewstate or controls on client-side. – Luaan Mar 30 '15 at 12:56
  • i made both 'runat ="server"' but yet its not working and i get the "Validation of viewstate MAC failed" error – Majid khalili Apr 01 '15 at 10:26
  • Did you see [this](http://support.microsoft.com/en-us/kb/970459) by Microsoft? – Mark C. Apr 01 '15 at 11:32
  • :D , i just wanted to add that i tried this and it didnt help too – Majid khalili Apr 01 '15 at 11:35
  • Search first. http://stackoverflow.com/questions/2645468/how-to-disable-view-state-mac-globally And if you decide to go by this make sure to have your own xss validations on input – wonderbell Apr 01 '15 at 11:38
  • as i told before i add EnableViewStateMac="false" in the page but i get the error yet – Majid khalili Apr 01 '15 at 11:40
  • and what is xss validations ? – Majid khalili Apr 01 '15 at 11:40
  • in fact when i add EnableViewStateMac="false" EnableEventValidation="false" i get this : The state information is invalid for this page and might be corrupted. – Majid khalili Apr 01 '15 at 11:43
  • Sounds like you have multiple forms on the page. ASP.NET WebForms only supports a single form, which has to encompass all the `runat="server"` elements in the page. Or, you are manually modifying the form fields in JavaScript (`__VIEWSTATE`). – Luaan Apr 01 '15 at 11:49
  • 2
    You are supposed to keep the machinekey a secret so if this post is traceable back to your website then you better generate a new one :) – rtpHarry Apr 01 '15 at 11:59
  • This error can happen if a form is submitted before the page is completely loaded. I've seen it before on pages with very large viewstates (5+megs). Also you have no form tag for some reason. – asawyer Apr 01 '15 at 12:46
  • i'm sorry its late to answer , but i had a dead line for a wpf project and i was busy with that , but finally i could find this error by adding EnableViewStateMac="false" in the web config , but when i added it in the page it couldnt solve the problem i dont know why – Majid khalili Apr 22 '15 at 07:59

1 Answers1

1

just add :

  <pages enableViewStateMac="false" />

in the web config file .

Majid khalili
  • 520
  • 1
  • 4
  • 24
  • 1
    Make sure you understand the security ramifications of doing this. "This attribute should never be set to false in a production ...". https://msdn.microsoft.com/en-us/library/system.web.ui.page.enableviewstatemac%28v=vs.110%29.aspx – danielnixon Apr 22 '15 at 08:08
  • exactly this was my question because as i read its not a safe way and its the best way to invite hackers for you website , but nothing else worked for me , as u can see above i add machinkey manually but i dont know why it didint help – Majid khalili Apr 22 '15 at 08:10