Tracking down hacking/malware attempts

Developer https://www.devze.com 2022-12-08 19:28 Source: Internet
I currently have a .NET web application on a cluster-based system (Rackspace cloud). In web config I have set up the following machine key.

<machineKey validationKey='DE0...etc' 
decryptionKey='A97...etc' 
validation='SHA1'/>

We were getting quite a few of the following errors on a daily basis:

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

I did a bit of Googling and added the following. This has stopped all the previous errors. However, it may open the door for various hacking attacks.

<pages enableViewStateMac="false">

However, I am finding now that I get the following errors:

The state information is invalid for this page and might be corrupted.

I am trying to work out what may be causing these two types of errors. Are they bots? Are they genuine web users? Are they hacking/malware attempts? Is this a normal occurrence and I should just ignore them...

Can anyone shed any light on this?


I don't think they are Malware/hacking attempts - I have sometimes seen those myself when browsing sites.

The general cause I've seen is that the page hasn't completed loading before the user initiates a postback - there is a hidden field that is rendered at the bottom of the form, and if that hasn't been rendered to the browser when the user clicks a button, the server will reject the viewstate.

There's quite an in-depth post about the issue, and some work-arounds here:

Validation of viewstate MAC failed error

0
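
The two error messages in the question can be reproduced with a small model of a MAC-protected hidden state field. This is an added example, not code from the original post or from ASP.NET itself; the JSON serialization, key values, function names and outcome labels are assumptions chosen for illustration (`mac_failed` stands for the first error, `state_invalid` for the second).

```python
import base64, hashlib, hmac, json

MAC_LEN = 20  # HMAC-SHA1 digest size, matching validation='SHA1'

def render(state, key=None):
    """Serialize state for the hidden field; append a MAC only when a key is given."""
    body = json.dumps(state).encode()
    mac = hmac.new(key, body, hashlib.sha1).digest() if key else b""
    return base64.b64encode(body + mac).decode()

def load(field, key=None):
    """Return (outcome, state) for a posted field; key=None models enableViewStateMac="false"."""
    try:
        raw = base64.b64decode(field, validate=True)
        body = raw
        if key:
            body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
            if not hmac.compare_digest(mac, hmac.new(key, body, hashlib.sha1).digest()):
                return "mac_failed", None
        return "ok", json.loads(body)
    except ValueError:  # bad base64 or unparseable state
        return ("mac_failed" if key else "state_invalid"), None

def alter(field):
    """Change one value inside the serialized state, leaving any MAC bytes as they were."""
    return base64.b64encode(base64.b64decode(field).replace(b"2", b"9", 1)).decode()

def scenarios():
    state = {"user": "alice", "step": 2}  # constructed sample state
    key_a, key_b = b"constructed-key-node-A", b"constructed-key-node-B"  # constructed keys
    signed, unsigned = render(state, key_a), render(state)
    half = lambda f: f[: len(f) // 2]  # postback sent before the field fully rendered
    return {
        "same_key": load(signed, key_a),            # every node shares one validationKey
        "node_key_mismatch": load(signed, key_b),   # nodes with different keys
        "truncated_mac_on": load(half(signed), key_a),
        "truncated_mac_off": load(half(unsigned)),
        "altered_mac_on": load(alter(signed), key_a),
        "altered_mac_off": load(alter(unsigned)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```

With the MAC check on, a key mismatch between nodes, a cut-off postback and an altered field all produce the same rejection, so the error alone does not say which one occurred. With it off, only damage that breaks parsing is noticed, and an altered but well-formed field is accepted as valid state.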
