Validation of viewstate MAC failed

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
14 years ago
Out of 107 Validation of viewstate Mac errors,  I cleared my log only a few days ago.

not a single one shows a customer thats logged in,  but

Im also seeing these on products pages, search pages, category pages and the times seem to be grouped together.


I have a lot of other non nop asp.net apps on the same servers that log errors and haven't seen them except for my nop sites.

-K
0
14 years ago
I replaced all the machine keys on all my sites,   still getting the same amount of viewstate mac failed error,  plus I verified that each site is using a different one.

-Keith
0
14 years ago
Since this looks like a fairly common problem everywhere I started trying different things to see if anything would help.

The one thing that seems to make a difference is generating the machine key on the shared server instead of a different machine.   Not sure why but it seemed stop the error from happening.  I do have 2 sites on the same machine so I always generated a new machinekey.

I created a page in /administration called GenerateMachineKey.aspx and added the following to the .aspx


<asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Width="800" Height="200"></asp:TextBox>
    <br />
    <asp:Button ID="Button1" runat="server" Text="Generate Machine Key" onclick="Button1_Click" />


then to the .cs


public partial class GenerateMachineKey : BaseNopAdministrationPage  // <- dont forget to set this.
    {
        static RNGCryptoServiceProvider srng = new RNGCryptoServiceProvider();
        // 64 bytes is max size supported by ASP.NET
        const int validationKeyLength = 64;
        // 24 bytes is max size supported by ASP.NET (3DES)
        const int decryptionKeyLength = 24;

        static string GenerateKey()
        {
            StringBuilder sb = new StringBuilder();
            sb.Append("<machineKey validationKey='");

            sb.Append(writeKeyAsHexDigits(getRandom(validationKeyLength)));

            sb.Append("'");
            sb.Append("   decryptionKey='");

            sb.Append(writeKeyAsHexDigits(getRandom(decryptionKeyLength)));

            sb.Append("'");
            sb.Append("   validation='SHA1'/>");
            return sb.ToString();
        }

        static byte[] getRandom(int cb)
        {
            byte[] randomData = new byte[cb];
            srng.GetBytes(randomData);
            return randomData;
        }

        static string writeKeyAsHexDigits(byte[] key)
        {
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < key.Length; ++i)
            {

                sb.Append(String.Format("{0:X2}", key[i]));

            }
            return sb.ToString();
        }


        protected void Button1_Click(object sender, EventArgs e)
        {
            TextBox1.Text = GenerateKey();
        }
    }


I ran this on each website and copied it to each web.config.   so far most of the day no errors.  i did recycle the app pool each time

-Keith
0
14 years ago
Keith,

Thanks for the information. Please keep us up to date. I would love to get this problem solved. If it works I will be adding it to my website.
--------------------
Brian Weston
EDCOR Electronics Corporation
www.edcorusa.com
0
14 years ago
Still looking good,  got 4 pages of The file '/products/default.aspx' does not exist. but zero Mac failed errors

Ill check again first thing in the am.

-Keith
0
14 years ago
Just got the error again,  but seems to be a lot less then before.  once out of 120+ errors,   most are the image error on the product page and the This is an invalid webresource request.

I think it helped,  ill still continue to keep an eye on it.

-Keith
0
14 years ago
SonicImaging wrote:
Just got the error again,  but seems to be a lot less then before.  once out of 120+ errors,   most are the image error on the product page and the This is an invalid webresource request.

I think it helped,  ill still continue to keep an eye on it.

-Keith


Please post the complete code because I am getting errors like - I am missing assemblies.

Plz post complete code of this page .aspx and .aspx.cs
nopCommerce - Amazing Project
Thank You nopcommerce team !
0
14 years ago
Full code

GenerateMachineKey.asxp  in /Administration/

<%@ Page Title="" Language="C#" MasterPageFile="~/Administration/main.master" AutoEventWireup="true" CodeBehind="GenerateMachineKey.aspx.cs" Inherits="NopSolutions.NopCommerce.Web.Administration.GenerateMachineKey" %>
<asp:Content ID="Content1" ContentPlaceHolderID="cph1" runat="server">
    <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Width="800" Height="200"></asp:TextBox>
    <br />
    <asp:Button ID="Button1" runat="server" Text="Generate Machine Key" onclick="Button1_Click" />
 </asp:Content>


Then GenerateMachineKey.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Cryptography;
using System.Text;

namespace NopSolutions.NopCommerce.Web.Administration
{
    public partial class GenerateMachineKey : BaseNopAdministrationPage
    {
        static RNGCryptoServiceProvider srng = new RNGCryptoServiceProvider();
        // 64 bytes is max size supported by ASP.NET
        const int validationKeyLength = 64;
        // 24 bytes is max size supported by ASP.NET (3DES)
        const int decryptionKeyLength = 24;

        static string GenerateKey()
        {
            StringBuilder sb = new StringBuilder();
            sb.Append("<machineKey validationKey='");

            sb.Append(writeKeyAsHexDigits(getRandom(validationKeyLength)));

            sb.Append("'");
            sb.Append("   decryptionKey='");

            sb.Append(writeKeyAsHexDigits(getRandom(decryptionKeyLength)));

            sb.Append("'");
            sb.Append("   validation='SHA1'/>");
            return sb.ToString();
        }

        static byte[] getRandom(int cb)
        {
            byte[] randomData = new byte[cb];
            srng.GetBytes(randomData);
            return randomData;
        }

        static string writeKeyAsHexDigits(byte[] key)
        {
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < key.Length; ++i)
            {

                sb.Append(String.Format("{0:X2}", key[i]));

            }
            return sb.ToString();
        }


        protected void Button1_Click(object sender, EventArgs e)
        {
            TextBox1.Text = GenerateKey();
        }
    }
}
0
14 years ago
I followed your steps, uploaded the page on the server, generated the code and pasted it in webconfig like this:

</appSettings>
  <connectionStrings configSource="ConnectionStrings.config"/>
  <urlrewritingnet configSource="UrlRewriting.config"/>
  <system.web>
    <machineKey validationKey='C34E10849D7HG5677JG6HG6H6HK67H6ECA8A567D970F801HGDF45HF56HGF6J72207F27E9FF63661ABF1D5521BFEFE51873C90D4F256G7JHG67JHG7JFLKC85206A83A60CDACDF801'   decryptionKey='D20F5K6KH67K0DF8F66C05CF5076EE1542F066912A875'   validation='SHA1'/>
    <httpRuntime maxRequestLength="51200" requestValidationMode="2.0"/>


I did recycle the app pool, but still I am getting MAC errors ?

I have other websites too but I get this error in the nopCommerce website only.
nopCommerce - Amazing Project
Thank You nopcommerce team !
0
14 years ago
not sure if this matters,  but I put mine between </pages> and httpHandlers

    </pages>
  <machineKey validationKey='78F8AFCC6870158673698942540195FE7860144E480205D36EFCD5B3369793B9407090A3E32375CA2A4DA2EAAE8719657C584F4B41F3E30D48377F7EC90E9247' decryptionKey='0D901A77A9E04B1D2AEE01BD1FC792F85FF634173267CB7B' validation='SHA1'/>
  <httpHandlers>

-K
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.