locked
Mobile forms and viewstate error RRS feed

  • Question

  • User-618342567 posted

     Hi all,

    Hope someone can help with this - I am tearing my hair (singular) out.

    I developed an application using asp.net 2.0 and Mobile Controls. Up till now I have been testing it with a Pocket PC which runs a version of Internet Explorer.

    I'm trying to use the application now on a Samsung SGH-F700W which uses a web browser called NetFront 3.3 (this is being supplied by Vodafone in the UK as their answer to the iPhone).

    On several pages within the application I get the following error message:

    "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machine key> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."

    To save time, let me tell you some of the things I am aware of/have tried so far:

    1. I am not using a web farm or cluster.
    2. The application works find with Pocket PC.
    3. I am aware that some mobile browsers limit the size of hidden fields and this may be screwing up the viewstate field. To this end, I have overridden the PageStatePersister property in my mobile forms, and am using the SessionStatePersister. This has not resolved the problem.
    4. I have tried adding:

    <pages enableEventValidation="false" viewStateEncryptionMode ="Never" />

    to my web.config file (although I am aware this is not recommended). This also does not solve the problem.
    5. The browser does appear to be capable of supporting hidden fields, as I can see other hidden fields in the posted data.

    Any ideas?

    A more general question for those of you with more experience of a variety of mobile devices. Does anyone have an opinion on the use of viewstate in mobile applications that use Microsofts Mobile Controls? Is it just a bad idea? I would only have to support devices with an actual web browser that supports HTML, not mobile phones.

    Thanks for any suggestions given!

    Kind Regards

    James

    Tuesday, March 18, 2008 2:18 PM

Answers

  • User-1136466523 posted

    Hi,

    I think what you should do is try to modify the EnableViewStateMac attribute. 

    This attribute specifies whether ASP.NET should run a message authentication code (MAC) on the page's view state when the page is posted back from the client. A view state MAC is an encrypted version of the hidden variable that a page's view state is persisted to when sent to the browser. If true, the encrypted view state is checked to verify that it has not been tampered with on the client.

    And let’s turn back to your issue, you mentioned that the application works on PDA device, but it failed in some specific devices. What I can say is maybe these device does not support or provides limited support on the viewstate behaviors.

    Please try to set the EnableViewStateMac property to false.

    You also should probably reduce your viewstate size (< 1k), if you can not, then you probably need to set viewStateEncryptionMode to never and turn off enableEventValidation.

    The security you face is your site is easier to hack. because the viewstate is not encrypted, hackers can change values in the viewstate.

    Thanks.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, March 21, 2008 1:37 AM

All replies

  • User1634317999 posted

    Hello James,

    can you please give the URL of your application?

    Wednesday, March 19, 2008 4:14 AM
  • User-618342567 posted

    Thanks for your reply SKT, I'm trying to get permission to do this just now. In the meantime, any ideas anyone? 

    Wednesday, March 19, 2008 6:38 AM
  • User-618342567 posted

     Hi all

     I've resolved this problem by storing all viewstate data on the server, overriding the functions LoadPageStateFromPersistenceMedium() and SavePageStateToPersistenceMedium().

    An excellent worked example of how to do this is shown here. 

    http://aspalliance.com/articleViewer.aspx?aId=72&pId=

     Please note that this example uses standard web forms. If you're using mobile web forms, the RegisterHiddenField function does not work. You can use the HiddenVariables.Add function. This, however, inserts a prefix to whatever you hidden field name is, making it impossible to add a hidden field that is actually called "__VIEWSTATE". However, I have noticed that my code works fine whether or not I actually have a hidden field called __VIEWSTATE (touch wood!), so I think you're free to work out any other way of keying the viewstate data you've stored in your session (e.g. using a hidden field with a different name).

     
    Thank you SKT for you offer of assistance.

    Kind Regards

    James


     

     


     

    Thursday, March 20, 2008 6:03 AM
  • User-1136466523 posted

    Hi,

    I think what you should do is try to modify the EnableViewStateMac attribute. 

    This attribute specifies whether ASP.NET should run a message authentication code (MAC) on the page's view state when the page is posted back from the client. A view state MAC is an encrypted version of the hidden variable that a page's view state is persisted to when sent to the browser. If true, the encrypted view state is checked to verify that it has not been tampered with on the client.

    And let’s turn back to your issue, you mentioned that the application works on PDA device, but it failed in some specific devices. What I can say is maybe these device does not support or provides limited support on the viewstate behaviors.

    Please try to set the EnableViewStateMac property to false.

    You also should probably reduce your viewstate size (< 1k), if you can not, then you probably need to set viewStateEncryptionMode to never and turn off enableEventValidation.

    The security you face is your site is easier to hack. because the viewstate is not encrypted, hackers can change values in the viewstate.

    Thanks.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, March 21, 2008 1:37 AM
  • User-1210239562 posted

     I had this same problem but I found that is was something simple.

    I had some markup code commented out using

    <!--         ->

    Once I completely erased the commented code, the error went away.

     

    Thursday, September 11, 2008 4:32 PM
  • User2017013777 posted

    Thanks!!!


    That was the answer I have been looking for for days!

    Wednesday, June 16, 2010 10:05 AM