Server Error in '/' Application.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I've looked through countless of previous questions and I haven't managed to get it working.
I've edited my web.config file and included a generated key at no success.
Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<machineKey validationKey="E91A16E07A8D628F1F1397962336B0C63B6DC45B8EB3D16BBD5E5761DD8AE462C04C1CC215904FF0353E84EF8194B48682114C72CF8E10F5295E5ADF36DBC520" decryptionKey="EFA118DF00BFB8206F24A1BB4AF7D18FBD6A605B44789E9048D8127FFF950A09" validation="SHA1" decryption="AES" />
<httpRuntime />
<pages enableViewStateMac="true" />
<customErrors mode="Off" />
<compilation targetFramework="4.0" debug="true" />
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
This happens when I postback to another page!
Instead of using <form action="..."> to perform a cross-page post back, try changing your submit button to read <asp:Button runat="server" postbackurl="...">. Using the PostBackUrl property is the officially supported way to perform a cross-page post back, as it sets a flag in the request telling the destination page to ignore the __VIEWSTATE field.
The main problem lies in the Application Pool of your website.Configure your website to use the proper .NET Framework version (i.e. v4.0) under the General section of the Application Pool related to your website.
Under the Process Model, set the Identity value to Network Service.Close the dialog box and right-click your website and select Advanced Settings... from the Manage Website option of the content menu. In the dialog box, under General section, make sure you have selected the proper name of the Application Pool to be used.
Your website should now run without any problem.Hope this helps you overcome this error.
Related
I have an MVC ASP.NET application set with "Individual user accounts". The log in and register features only works when debugging in Chrome. When i run without debugging on any browser including Chrome, i get redirected to the login page when attempting to register or log in.
In my web.config class i have this
<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
Any idea as to whats going on?
I had the same problem before, and it's related to cookies and session state, try to run your solution without debugger in google incognito if it ran successfully, then clear your browser cache from settings (cookies).
for OWIN itself, make sure to update all of your nuget packages, this should solve the problem.
I am trying to host WCF service in "hostgator". I want to set Trust level because I am getting security permission error.
When I set Trust Level in web.config, I am getting an error.
web.config:
<location allowOverride="true">
<system.web>
<compilation debug="true" targetFramework="4.5.2"/>
<identity impersonate="false" />
<authentication mode="None" />
<httpRuntime maxUrlLength="1024" relaxedUrlToFileSystemMapping="true"/>
<customErrors mode="Off"></customErrors>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
</system.web>
</location>
Error:
An application error occurred on the server. The current custom error
settings for this application prevent the details of the application
error from being viewed remotely (for security reasons). It could,
however, be viewed by browsers running on the local server machine.
Can anybody suggest a way to solve this?
enter image description here
Per HostGator FAQ you must run in partial trust using their shared hosting:
No. The applications must be published in Medium Trust in order to run
on the Windows Shared Server.
You're not going to be able to use the SDK in a medium trust environment from what I've read. As Dynamics CRM 2016 expands its support for its REST API that may become an option for you.
In my ASP.NET web-application I have created Default.aspx (set as my start page), and a new folder called SmartCard with WebForm1.aspx inside of it. How do I configure Web.Config to prompt user for Certificate upon visiting SmartCard/WebForm1.aspx but NOT when Default.aspx loads?
In the accepted answer of this question:
if your app is hosted in IIS then simply add (in web.config) a section that says client certificate is required for those pages. THe browser will then ask the user for a cert.
From the above answer, I looked some more on StackOverflow and found this. From their accepted answer I put the following section in Web.Config:
<location path="SmartCard">
<system.webServer>
<security>
<access sslFlags="SslRequireCert" />
</security>
</system.webServer>
I then modified applicationHost.config in C:\Windows\System32\inetsrv\config (or appropriate directory for your install) and change the following line:
<section name="access" overrideModeDefault="Deny" />
to:
<section name="access" overrideModeDefault="Allow" />
However, I still get prompted for a Certificate on site load. I first get the following screen:
After clicking "Continue to this website" I then get prompted to selected a Certificate when Default.aspx loads. However, I only want to get prompted to selected a Certificate when SmartCard/WebForm1.aspx loads!
ANY help is greatly appreciated!
Here are my site settings in IIS-7:
SSL settings:
Site Bindings:
*MyDevCert is self-signed
Update:
I created a new Web.Config file inside of SmartCard directory with the following:
<?xml version="1.0"?>
<configuration>
<security>
<access sslFlags="SslRequireCert" />
</security>
<system.web></system.web>
</configuration>
I then removed the 'location' tag from base Web.Config.
Base Web.Config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<identity impersonate="false" />
</system.web>
</configuration>
However, I still get "There is a problem with this website's security certificate" screen and I get prompted for certificate once I click "Continue to this website"
From what I'm seeing, you can only have a single value for sslFlags.
See http://www.iis.net/configreference/system.webserver/security/access
And https://msdn.microsoft.com/en-us/library/ms689458(v=VS.90).aspx
The sslFlags attribute can be one of the following possible values. The default is None.
I am getting a 401.2 error on the default document in VS2013 (and IIS). Here are the steps I'm taking:
In VS2013, right click choose "New Project"
Choose "ASP.NET Web Application", click OK
Choose "Empty" project, Check "Web Forms" at the bottom and click OK
Right click on the project and choose "Add | Web Form" - named
Default.aspx with "Authentication Succeeded" as the page content
Right click on the project and choose "Add | Web Form" - named
Login.aspx
Add a "Login" as the page content
Assign an "Authentication" event handler that sets "e.Authenticated
= true"
Update the web.config as listed below
Press F5
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="default.aspx" />
</files>
</defaultDocument>
<security>
<authorization>
<remove users="*"/>
<add accessType="Deny" users="?" />
<add accessType="Allow" users="*"/>
</authorization>
</security>
</system.webServer>
</configuration>
The behavior that I'm seeing is that http://localhost:12345/Default.aspx behaves correctly (always). In other words, when I first go to Default.aspx, it redirects me to the Login.aspx page. Once I've authenticated, I can see the Default.aspx page. If I logout and try to go to the Default.aspx page again it redirects me to login first.
However, when I got the / URL instead (no Default.aspx) I get a 401.2 error (even if I've authenticated 1st)?
The Default.aspx page is listed as a default document, and if I remove the "Deny" line from the Web.Config - then the default document behaves as expected. But when Deny ? is listed in the web config, suddenly the default document stops working and I have to go to /Default.aspx in order to avoid a 401.2 error.
Any suggests as to why this would behave like this?
I see no errors about any of this in the event log. I see the same behavior when using IISExpress (in VS by pressing F5) or with IIS when going to the public URL directly through a browser.
I hesitate to offer this as an answer as I don't understand exactly why it worked for me. However it is too long for a comment and it might help you.
I found that adding the following to the System.Webserver section solved this problem:
<modules>
<remove name="FormsAuthentication"/>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
</modules>
The key seems to be to remove the managedHandler Precondition from the FormsAuthentication module. As I understand it this is only supposed to optimize serving of static content. So I do not at this point know why it would have this effect. I stumbled on this trying to establish if FormsAuthentication module needed to be registered in the System.Webserver section.
This question already has answers here:
Asp.net Validation of viewstate MAC failed
(17 answers)
Closed 9 years ago.
net 4.0 frame work,
I had made many website in this frame work but never get such error
"Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."
I think so this error is caused because of use of cookies as only in this website i had made use of cookies.
Another one thing i used to get this error very rarely almost 2twice a week
I had read many solutions for this but very rarer for 4.0
solution readed such as putting
<machineKey validationKey="6628ECBFB40F6F852AB543C23C0B83C1679C5AAE35AD72FACF5B9F4FDB70AA1F648A1D5877CE1F9D69F08BAD919BFBAC0976D9119B8F32CFB80814E4E943F8EE" decryptionKey="42F45B378301126EB4CCBA16995304263754EF116E08A81003A936CC04B7537F" validation="SHA1" decryption="AES" />
in web config
OR Adding
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
in webconfig
But where should i add in my above web config
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="Conn" connectionString="Data Source=abc; Initial Catalog=alfadesi_trikon;User ID=abc;Password=abc" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<globalization culture="en-AU" uiCulture="en-AU" />
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Windows"/>
<customErrors mode="Off"></customErrors>
</system.web>
</configuration>
you can add your machine key in system.web element.
for e.g.
<system.web>
<machineKey validationKey="1234567890123456789012345678901234567890AAAAAAAAAA"
decryptionKey="123456789012345678901234567890123456789012345678"
validation="SHA1" decryption="Auto" />
</system.web>
If you don't want to put a machinekey in the web.config for each application, you need to put it in machine level web.config for each .Net Framework version.