Last post Jun 16, 2010 10:05 AM by mariascandella
Mar 18, 2008 02:18 PM|jamest|LINK
Hope someone can help with this - I am tearing my hair (singular) out.
I developed an application using asp.net 2.0 and Mobile Controls. Up till now I have been testing it with a Pocket PC which runs a version of Internet Explorer.
I'm trying to use the application now on a Samsung SGH-F700W which uses a web browser called NetFront 3.3 (this is being supplied by Vodafone in the UK as their answer to the iPhone).
On several pages within the application I get the following error message:
"Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machine key> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."
To save time, let me tell you some of the things I am aware of/have tried so far:
1. I am not using a web farm or cluster.
2. The application works find with Pocket PC.
3. I am aware that some mobile browsers limit the size of hidden fields and this may be screwing up the viewstate field. To this end, I have overridden the PageStatePersister property in my mobile forms, and am using the SessionStatePersister. This has not
resolved the problem.
4. I have tried adding:
<pages enableEventValidation="false" viewStateEncryptionMode ="Never" />
to my web.config file (although I am aware this is not recommended). This also does not solve the problem.
5. The browser does appear to be capable of supporting hidden fields, as I can see other hidden fields in the posted data.
A more general question for those of you with more experience of a variety of mobile devices. Does anyone have an opinion on the use of viewstate in mobile applications that use Microsofts Mobile Controls? Is it just a bad idea? I would only have to support
devices with an actual web browser that supports HTML, not mobile phones.
Thanks for any suggestions given!
Validation of viewstate MAC failed
Mar 19, 2008 04:14 AM|SKT_01|LINK
can you please give the URL of your application?
Mar 19, 2008 06:38 AM|jamest|LINK
Thanks for your reply SKT, I'm trying to get permission to do this just now. In the meantime, any ideas anyone?
Mar 20, 2008 06:03 AM|jamest|LINK
I've resolved this problem by storing all viewstate data on the server, overriding the functions LoadPageStateFromPersistenceMedium() and SavePageStateToPersistenceMedium().
An excellent worked example of how to do this is shown here.
Please note that this example uses standard web forms. If you're using mobile web forms, the RegisterHiddenField function does not work. You can use the HiddenVariables.Add function. This, however, inserts a prefix to whatever you hidden field name is,
making it impossible to add a hidden field that is actually called "__VIEWSTATE". However, I have noticed that my code works fine whether or not I actually have a hidden field called __VIEWSTATE (touch wood!), so I think you're free to work out any other way
of keying the viewstate data you've stored in your session (e.g. using a hidden field with a different name).
Thank you SKT for you offer of assistance.
Mar 21, 2008 01:37 AM|Nai-Dong Jin - MSFT|LINK
I think what you should do is try to modify the EnableViewStateMac attribute.
This attribute specifies whether ASP.NET should run a message authentication code (MAC) on the page's view state when the page is posted back from the client. A view state MAC is an encrypted version of the hidden variable that a page's view state is persisted
to when sent to the browser. If true, the encrypted view state is checked to verify that it has not been tampered with on the client.
And let’s turn back to your issue, you mentioned that the application works on PDA device, but it failed in some specific devices. What I can say is maybe these device does not support or provides limited support on the viewstate behaviors.
Please try to set the EnableViewStateMac property to false.
You also should probably reduce your viewstate size (< 1k), if you can not, then you probably need to set viewStateEncryptionMode to never and turn off enableEventValidation.
The security you face is your site is easier to hack. because the viewstate is not encrypted, hackers can change values in the viewstate.
Sep 11, 2008 04:32 PM|dcuffee|LINK
I had this same problem but I found that is was something simple.
I had some markup code commented out using
Once I completely erased the commented code, the error went away.
Jun 16, 2010 10:05 AM|mariascandella|LINK
That was the answer I have been looking for for days!