1

I have handled the Cross Site Request Forgery in my Web Application. I'm setting Page.ViewStateUserKey to a token and every time I will validate this.

All is working fine. But When Someone is trying to attack on application, I get this error on Page.

Server Error in '/' Application.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

So Whenever this error occurs I want to redirect page to some error page. I'm not able to do this, Please help me.

Full Exception Message:

Server Error in '/' Application.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

See http://go.microsoft.com/fwlink/?LinkID=314055 for more information.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: 

System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

See http://go.microsoft.com/fwlink/?LinkID=314055 for more information.

Source Error:


[No relevant source lines]


Source File: c:\Users\vivek.nuna\AppData\Local\Temp\Temporary ASP.NET Files\root\a43ffebf\466ecc6a\App_Web_li3kudc3.0.cs    Line: 0

Stack Trace:


[ViewStateException: Invalid viewstate. 
    Client IP: ::1
    Port: 
    Referer: 
    Path: /CreateMerchantPage.aspx
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
    ViewState: /wEPDwUJLTY5MTA0ODQzDxYCHg9PbGRNZXJjaGFudE5hbWVkFgJmD2QWAgIDD2QWAgIBD2QWCAIBD2QWBmYPFgIeEENhdXNlc1ZhbGlkYXRpb25oZAIBDxYCHwFoZAICDxYCHwFoZAIDD2QWBAIBD2QWAgIBDxYCHgdWaXNpYmxlaGQCAw9kFgYCDQ9kFgJmDxYCHgRocmVmBRlDcmVhdGVVc2VyTWFzdGVyUGFnZS5hc3B4ZAITDxYCHwJoZAIVDxYCHwJoZAILD2QWEgIBD2QWAmYPZBYCZg9kFgJmD2QWDGYPZBYEAgIPDxYCHwJoZGQCAw8PFgIfAmhkZAIED2QWBAIBD2QWAmYPEA8WBh4NRGF0YVRleHRGaWVsZAUFVmFsdWUeDkRhdGFWYWx1ZUZpZWxkBQNLZXkeC18hRGF0YUJvdW5kZ2QQFQQETm9uZQVMb2NhbAhSZWdpb25hbAhOYXRpb25hbBUEATAEMTAwMAQxMDAxBDEwMDIUKwMEZ2dnZ2RkAgMPZBYCZg8QZBAVAQAVAQAUKwMBZxYBZmQCBQ9kFgQCAQ9kFgJmDxBkEBUBABUBABQrAwFnZGQCAw9kFgJmDxBkEBUBABUBABQrAwFnZGQCBw9kFgQCAQ9kFgJmDxAPFgYfBAUFVmFsdWUfBQUDS2V5HwZnZBAVHQROT05FA0FVRANCSEQDQ0FEA0RLSwNIS0QDSU5SA0lMUwNKUFkDSk9EA0tSVwNLV0QDTVlSA09NUgNOWkQDTk9LA1FBUgNSVUIDU0FSA1NHRANaQVIDU0VLA0NIRgNUSEIDQUVEA0VHUANHQlADVVNEA0VVUhUdATACMzYCN...]

[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

See http://go.microsoft.com/fwlink/?LinkID=314055 for more information.]
   System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +116
   System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose) +432
   System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose) +8
   System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose) +40
   System.Web.UI.HiddenFieldPageStatePersister.Load() +248
   System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +272
   System.Web.UI.Page.LoadAllState() +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6704
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +245
   System.Web.UI.Page.ProcessRequest() +72
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +58
   ASP.createmerchantpage_aspx.ProcessRequest(HttpContext context) in c:\Users\vivek.nuna\AppData\Local\Temp\Temporary ASP.NET Files\root\a43ffebf\466ecc6a\App_Web_li3kudc3.0.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +341
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34237
user3932010
  • 11
  • 1
  • 4
  • This is the answer http://stackoverflow.com/a/2551810/159270 but I will not flag as dublicate, is some one else more informations to offer. – Aristos Sep 23 '14 at 09:53
  • Tired the same,but still I'm getting the same error instead of redirecting to some page. – user3932010 Sep 23 '14 at 10:07
  • 1
    Maybe you do not make it the correct way, you need to add the code found here : http://stackoverflow.com/a/2551810/159270 and this class `BasePage : System.Web.UI.Page`, and then change on your page the `System.Web.UI.Page` class with the `BasePage`. This is work for sure, so find what you do not have made as on example. – Aristos Sep 23 '14 at 12:42

0 Answers0