程序发布到虚拟主机上,出现错误:
验证视图状态 MAC 失败。如果此应用程序由网络场或群集承载,请确保 <machineKey> 配置指定了相同的 validationKey 和验证算法。不能在群集中使用 AutoGenerate。
这一情况经常出现在一台windows 7 ie8的电脑上,偶尔出现在我的Chrome浏览器上。(当然,与客户端操作系统或浏览器版本无关)
排错过程:
1. 添加
<pages enableeventvalidation="false"
viewstateencryptionmode="Never">
结果:错误仍存在。因为即使禁用ViewState,页面还是至少有一个ViewState。出于安全考虑,该方法也不合适。
2. 显然,该应用程序并不是由网络场或集群承载,但还是在Web.Config中添加machineKey。
结果:第二天错误仍存在。
3. 搜索到这篇文章http://blogs.msdn.com/b/tom/archive/2008/03/14/validation-of-viewstate-mac-failed-error.aspx,列举了原因与解决方法:
原因:
a. You aren't using a web farm.
b. It appears when using built-in databound controls such as GridView, DetailsView or FormView which utilize “DataKeyNames”.
c. It appears if you have a large page which loads slowly for any reason.
很明显,排除原因1。也排除原因2,因为出错的是一个简单的登录页面,使用input表单。但是,原因3也不适用,因为页面只有几百K,而且网速不慢。
方法:
a. Set enableEventValidation to false and viewStateEncryptionMode to Never as follows
尝试过,无效。
b. Another way around the problem is to mark the form as disabled and then enable it in script once the load is complete
Or you can disable the individual form elements and enable them once everything is loaded
这个是为了防止由于网速过慢,页面未加载完,而用户在此过程中进行了引起ViewState验证的操作(如点击了提交按钮)。
c. The last way to workaround this problem is to override the Render Event of the page to place the hidden fields for Encrypted Viewstate and Event validation on the top of the form. This will ensure that these things get written out before anything that can submit the form
试了这个方法,在IE6下,出现js错误。
d. 使用.Net 3.5 SP1(.Net 2.0 SP2)
未尝试。
4. 文章评论中还提到了另一个原因:
Had the same issue. After much digging, found it was caused by the form having a different action to the current URL due to URL Rewriting.
...
当然,这也不是我的程序出现这个错误的原因。
5.Hans的评论启发了我
Tom, do you understand WHY the machineKey should be the same on all servers in a web farm or cluster? The reason is that the viewstate is encrypted using the machine key. Once you inderstand that, then you would als understand why a machine key should be added when you only have 1 server instead of using your "workaround". Becaue when you don't use a machineKey, ASP.NET will generate one for you. Which i no problem untill the ASP.NET worker process recycles. When this happens between 2 postbacks, the viewstate which has been encrypted using the first generated machine key cannot be decrypted anymore using the newly generated machine key, resulting in thi error. So adding a machineKey will solve thi error withhout uing your workarounds.....
所以,问题就在于浏览器使用的页面通过一个旧的machineKey加密,而服务器端使用一个新的machineKey(由于服务器重启,回收等)解密。
可是,加上machineKey以后还是出错?
因为,在那台机子上,浏览器检查所存网页的较新版本的设置为从不。浏览器所显示的网页使用自动生成的machineKey进行加密,而此时服务器使用的是一个新生成(或固定)的machineKey,与它不同,所以经常出错。而我的浏览器该设置为自动,所以偶尔出错。
因此,修改此浏览器的设置为自动,并添加machineKey。只要浏览器上缓存的网页为添加machineKey之后产生的网页,我认为就不会再出现这个错误。
283
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
