
Validation of viewstate MAC failed error when fixing CSRF

I am fixing Cross-Site Request Forgery (CSRF). In the OnInit method of the master page:

// requestCookie is the anti-XSRF cookie read from the request (not shown here);
// when it holds a valid GUID, reuse it as the token and bind the view state to it.
if (requestCookie != null && Utility.GuidTryParse(requestCookie.Value, out requestCookieGuidValue))
{
    _antiXsrfTokenValue = requestCookie.Value;
    Page.ViewStateUserKey = _antiXsrfTokenValue;   // the MAC over the view state is keyed with this value
}
Page.PreLoad += master_Page_PreLoad;

In master_Page_PreLoad I validate:

// Compare the token and user name stored in the view state with the current request's values.
if ((string)ViewState[AntiXsrfTokenKey] != _antiXsrfTokenValue
    || (string)ViewState[AntiXsrfUserNameKey] != (Context.User.Identity.Name ?? String.Empty))
{
    logCSRF.Info("Error CSRF " + CurrentSession.CurrentUser.user_id);
    Response.Redirect(Constants.DefaultPage.LoginPage);
}

After validating, I reset _antiXsrfTokenValue and the value of the cookie:

// Issue a fresh token and write it back to the response cookie.
_antiXsrfTokenValue = Guid.NewGuid().ToString("N");
Response.Cookies[AntiXsrfTokenKey].Value = _antiXsrfTokenValue;

Exception thrown: "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."

Why does this exception occur? How do I resolve it?

Thanks for helping me!

Allow me to elaborate,

When you deploy an asp.net web app into an environment with multiple servers, each server's machine.config or web.config must specify the same key used for encrypting the view state. The view state is encrypted for security reasons, and each machine.config on each web server will have a different key, so they must all be the same. The best way is to add a machineKey element into each web server's web.config and define the same keys and algorithm. The machineKey goes under the system.web node.

I found a couple of resources that may explain it or answer it a bit better than I can.

Validation of viewstate MAC failed. Application hosted by a Web Farm, ensure configuration


Try adding this string in the section of your web.config file:

<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode="Never" />
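The following is an added, self-contained C# example, not code from the question or either answer. It models the two inputs that decide whether a view-state MAC verifies on postback: the server's validationKey (what the first answer's machineKey element pins across a web farm) and Page.ViewStateUserKey (what the question's OnInit code sets from the anti-XSRF cookie). The model (HMAC over the serialized view state with the user key appended as a modifier) is a simplification written for illustration, not ASP.NET's ObjectStateFormatter; the class and method names and the key strings are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model (not ASP.NET's real implementation) of a view-state MAC that is keyed
// with the server validationKey and mixes in ViewStateUserKey as a modifier.
static class ViewStateMacDemo
{
    // MAC over the serialized view state for a given server key and per-user modifier.
    public static byte[] ComputeMac(byte[] validationKey, string viewStateUserKey, byte[] viewState)
    {
        using (var hmac = new HMACSHA256(validationKey))
        {
            byte[] modifier = Encoding.UTF8.GetBytes(viewStateUserKey ?? string.Empty);
            byte[] input = new byte[viewState.Length + modifier.Length];
            Buffer.BlockCopy(viewState, 0, input, 0, viewState.Length);
            Buffer.BlockCopy(modifier, 0, input, viewState.Length, modifier.Length);
            return hmac.ComputeHash(input);
        }
    }

    // Constant-time comparison, as any MAC check should use.
    public static bool MacMatches(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Render the page under one (key, user key) pair and validate the postback under another.
    // Returns true only when the MAC computed at postback equals the one produced at render.
    public static bool Roundtrip(byte[] renderKey, string renderUserKey,
                                 byte[] postbackKey, string postbackUserKey)
    {
        byte[] viewState = Encoding.UTF8.GetBytes("constructed sample view state");
        byte[] macAtRender = ComputeMac(renderKey, renderUserKey, viewState);
        byte[] macAtPostback = ComputeMac(postbackKey, postbackUserKey, viewState);
        return MacMatches(macAtRender, macAtPostback);
    }

    static void Main()
    {
        // Constructed demo keys; a real validationKey comes from <machineKey> and is never hard-coded in source.
        byte[] keyA = Encoding.UTF8.GetBytes("server-A-validationKey-CONSTRUCTED");
        byte[] keyB = Encoding.UTF8.GetBytes("server-B-validationKey-CONSTRUCTED");
        string tokenAtRender = Guid.NewGuid().ToString("N");

        // Case 1: same key on both ends, same ViewStateUserKey.
        Console.WriteLine("same key, same user key: " +
            Roundtrip(keyA, tokenAtRender, keyA, tokenAtRender));

        // Case 2: web farm where each server auto-generated its own key (server B validates what A rendered).
        Console.WriteLine("different server keys:   " +
            Roundtrip(keyA, tokenAtRender, keyB, tokenAtRender));

        // Case 3: same key, but the anti-XSRF token, and with it ViewStateUserKey, was rotated
        // between rendering the form and handling its postback.
        string tokenRotated = Guid.NewGuid().ToString("N");
        Console.WriteLine("rotated user key:        " +
            Roundtrip(keyA, tokenAtRender, keyA, tokenRotated));
    }
}
```

Only case 1 verifies; cases 2 and 3 fail in the same way even though the view state bytes are untouched. Pinning an explicit machineKey on every server removes case 2; case 3 shows why the value assigned to Page.ViewStateUserKey at OnInit must be the same value that was in effect when the page being posted back was rendered. The pages attributes in the answer above change encryption, event validation and request validation, not which key the MAC check uses.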
