Validation of viewstate MAC failed
When adding a SharePoint webpart or an existing webpart’s properties we occasionally came across the following error. We did not use a web farm and none of the other suggestions in the error message made any sense in our case. We came across some solutions to this, which I’d like to share with you.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
The easiest solution would be to just disable the ViewStateMac in your web.config file. But what does this actually mean? Setting this value to true means that ASP.NET should run a message authentication check (MAC) on the page’s view state when the page is posted back from the client. Setting it to false simply means that it will not perform the check. However, be aware of the consequences this might hold, because it might entail a security risk. After all, you disabled the check that verifies if your viewstate hasn’t been modified by an attacker. If this doesn’t do the trick you could always disable validation altogether.
But fully disabling validation of your viewstate could cause an even bigger security risk. Normally, a control registers its events when the page is being rendered and then validates the events during the post-back. Disabling this check skips the validation, so an attacker could spoof a postback that does not occur from a valid event and corrupt your application.
So far I have yet to find a solution that doesn’t come with a security risk of some sort. Hopefully at some point I will.
Steven is een afgestudeerd Software Engineer en heeft een baan als .NET ontwikkelaar. Fan van wielrennen, doet zelf aan mountainbiken, speelt wanneer hij zin heeft op zijn gitaar en Xbox 360. Probeert met enige regelmaat te bloggen over vanalles en nog niets.
Tweet er over
Plaats op Facebook
RSS Feed
Print deze post
161x bekeken
Recente reacties...
Rens: Ben het met je eens dat Kick-Ass de film van 2010 is. Gewoon bruut, onverwachts en... »
Dennis Laumen: Wegens een schreeuw om aandacht zal ik dan ook nog maar even een reactie... »
Oppie: As usual I’m in agreement, except in the case of games; I do think 3D can... »
Oppie: Allereerst; bedankt voor de plug. :) Ten tweede, laat me niet beginnen over... »
Categorieën
Ik heb iets te zeggen!