禁用ASP.NET EventValidation
[英]Disabling ASP.NET EventValidation
问题描述
We're tired of getting exceptions regarding "Invalid postback or callback argument" in our web app. 
我们已经厌倦了在我们的网络应用程序中获得有关“无效回发或回调参数”的例外情况。 What scenario(s) causes this error? 什么情况会导致此错误?
After talking to users, we've determined that one possible cause of this is when they click something that causes a postback, and then click something else before the initial postback completes. 在与用户交谈之后,我们确定一个可能的原因是当他们点击导致回发的内容时,然后在初始回发完成之前单击其他内容。
What is the harm in disabling event validation? 禁用事件验证有什么危害? For what it's worth, we have SecureIIS installed for increased security. 为了它的价值,我们安装了SecureIIS以提高安全性。
UPDATE : In some places, we use Javascript to modify certain controls values, such as a drop-down list options (we do this to make a better user experience - less postbacks). 更新 :在某些地方,我们使用Javascript来修改某些控件值,例如下拉列表选项(我们这样做是为了提供更好的用户体验 - 更少的回发)。 This is likely causing the error. 这可能导致错误。 We have strict edits in place for all user input, so we are going to proceed with disabling EventValidation. 我们对所有用户输入都进行了严格的编辑,因此我们将继续禁用EventValidation。 Thank you! 谢谢!
2 个解决方案
解决方案1
8 已采纳 2009-02-12 17:00:16
Event Validation verifies that the values have not been tampered with manually, eg outside the scope permitted by the controls involved. 事件验证验证值是否未被手动篡改,例如超出所涉及控件允许的范围。 For example, if you have a drop-down list with three choices 1, 2, or 3... if the user (or malicious middleman) changes the value to 4, validation will fail. 例如,如果您有一个包含三个选项1,2或3的下拉列表...如果用户(或恶意中间人)将值更改为4,则验证将失败。
As long as you are doing your own checking in each handler to ensure incoming values are valid, and your code is structured in such a way that unexpected input will cause nothing to happen (safest), you will be fine with validation turned off. 只要您在每个处理程序中进行自己的检查以确保传入的值有效,并且您的代码的结构使得意外输入不会导致任何事情发生(最安全),您可以在关闭验证时使用。
解决方案2
0 2010-07-31 17:15:44
FWIW,我已经安装了SecureIIS多年,并且没有遇到任何这些问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.