Products

Solutions

Resources

Partners

Community

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDevelopment and...Development and...Getting StartedGetting StartedValidation of Viewstate MAC failed error with session timeoutValidation of Viewstate MAC failed error with session timeout
Previous
 
Next
New Post
5/15/2014 3:23 PM
 

I have a module that I am developing that gives an error only if a user is logged in, idles at a page too long, then does an action that causes a postback, the "critical error" warning will show up. Behind the scenes, this is caused by a Validation of Viewstate MAC failed. I believe this is related to how DNN stores the user in the viewstate to prevent cross-site forgery. At the end of this article http://www.dnnsoftware.com/wiki/loc/print/page/viewstate it shows enableEventValidation="false". I do not want to do that for security reasons.

This page/module can be accessed without logging in. If the user does not login, the page/module works fine, no matter how long it has been idle, so I pretty sure this relates to the ViewStateUserKey. How can this error be properly caught and handled, preferably without losing what was already entered on the form?

 
New Post
5/19/2014 7:30 AM
 
there's no good way to catch it as the error is thrown very early in the asp.net lifecycle -you can mitigate against it by raising the timeout value of the forms node in web.config. Viewstateuserkye (as it's name suggests) is set per user and only set on authenticated (logged in users)

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
5/19/2014 12:00 PM
 

So you are saying that nothing can be done (aside from raising the timeout value which adds a security risk, particularly for public workstations)? Isn't there a way to catch an error in Viewstateuserkey and do a redirect? That was going to be my workaround, but I thought there must be a more elegant way.

 
New Post
5/20/2014 5:19 AM
 
the last time I looked at catching the exception and redirecting (a few years ago admittedly) it wasn't possible, primarily as asp.net had thrown the exception before page processing began (as it's a security mechanism that's best practice). Typically this issue only manifests on very slow loading pages (e.g. large reports that support filtering) - if you're seeing it on a "normal" page I suggest looking at what's happening via a http proxy such as fiddler - this may reveal that the page is not completing to load for some reason (I've seen cases where page backgrounds were hundreds of meg's in size so hadn't finished loading - and I've also seen cases where the page had multiple invalid tags, typically form or body, that caused an invalid page to be created and postbacks to fail)

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
5/21/2014 11:56 AM
 
This is not a problem on a slow loading page nor with invalid tags.(For your information, the page loads in 80 ms with a logged in user). As I have said, the only issue happens when a user is logged on, the page is idle for too long and then postbacks. I don't know how to state this more clearly. If the user is logged in, and stays active, all the functions work, no error is raised. If the user is not logged into DNN, the page functions properly no matter whether the user is interacting with it or not; they can leave it idle for as long as wanted, then do a postback, and everything functions fine. The only problem relates to how DNN sets the ViewStateUserKey, which ultimately becomes invalid after a logged in user leaves a page idle for too long.
 
Previous
 
Next
HomeHomeDevelopment and...Development and...Getting StartedGetting StartedValidation of Viewstate MAC failed error with session timeoutValidation of Viewstate MAC failed error with session timeout


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out