使用 ASP.Net 1.1 框架的无效 ViewState 错误

Question

我了解为什么会收到此错误，但在尝试实施解决方案时遇到问题。

原来的错误如下：

Viewstate verification failed. Reason. The viewstate supplied failed integrity check.

我尝试通过在应用程序的 web.config 文件中添加 machineKey 属性来覆盖 machine.config 文件。我已经尝试了该文件的三个不同版本，但仍然出现相同的错误：Unrecognized attribute 'decryption'

这是我使用过的三个版本的 machineKey 属性：请注意，生成的密钥是从以下网站检索到的：http://aspnetresources.com/tools/machineKey

<machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />

<machineKey compatibilityMode="Framework20SP1" validationKey="..." decryptionKey="..." validation="SHA1" decryption="DES" />

<machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="DES" />

请注意，Web 服务器使用 .Net 1.1 Framework 并使用 IIS 6。我知道上述解决方案适用于 .Net 2.0+，但从未遇到过适用于 .Net 1.1 版本的问题。

有人可以告诉我如何解决 .Net 1.1 版本和 IIS 6 的此错误的正确用法吗？

生产错误：

Event code: 4009 
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check. 
Event time: 2/24/2014 9:47:08 AM 
Event time (UTC): 2/24/2014 2:47:08 PM 
Event ID: 4707606054774e39803ddd3faec745ca 
Event sequence: 956 
Event occurrence: 1 
Event detail code: 50203 

Application information: 
    Application domain: /LM/W3SVC/1/ROOT-1-130377033905397700 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: D:\SMOSingleSignon\ 
    Machine name: SMOBL01 

Process information: 
    Process ID: 27444 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\NETWORK SERVICE 

Request information: 
    Request URL: http://smons/smo.aspx 
    Request path: /smo.aspx 
    User host address: 168.110.83.66 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\NETWORK SERVICE 

ViewStateException information: 
    Exception message: Invalid viewstate. 
    Client IP: 168.110.83.66 
    Port: 8293 
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) 
    PersistedState: /GWLRu4X63VsbJHek4225SYOqaUFQjF5g+joBkW/kl6+e6KzS5Dt8euAfW3wDOEGZHYcMxltJD1on4vH38qOsyYTbbPB6ciMbCWRVMNz5k6fTxp+d9MVukREFed03OjlMHWb/Qi/lVopMxL2uHgF/tYiFhEjxg7qr++7VLhb2HpApF6S2V1pzgDN7guxr8HEFED4z9l1ei5wC8WiOkHdLjhIg9XChjZ7X2d/Qu2RV/d7Q59CZNGt/srNRSRvchy3mQGPZTDwQSd/H+LVjUVRVpmXpzGHuIXi8KJseV8bFjrTrwmhTBEPJZQjiBdJsOlm 
    Referer: http://smons/smo.aspx 
    Path: /smo.aspx

更新的 WEB.CONFIG

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <system.web>
    <!--<machineKey validationKey="..." validation="SHA1" /> -->
    <machineKey validationKey="..." decryptionKey="..." validation="3DES" />    
    <!--  DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="false" />

    <!--  CUSTOM ERROR MESSAGES
          Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
          Add <error> tags for each of the errors you want to handle.

          "On" Always display custom (friendly) messages.
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running 
           on the local Web server. This setting is recommended for security purposes, so 
           that you do not display application detail information to remote clients.
    -->
    <customErrors mode="Off" />

    <!--  AUTHENTICATION 
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"

          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <authentication mode="Windows" /> 


    <!--  AUTHORIZATION 
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
          (unauthenticated) users.
    -->
    <authorization>
        <allow users="*" /> <!-- Allow all users -->

            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application. 
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
          application trace log by browsing the "trace.axd" page from your web application
          root. 
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />


    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session. 
          If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
          To disable cookies, set sessionState cookieless="true".
    -->

    <sessionState 
            mode="InProc"
            stateConnectionString="tcpip=999.0.0.9:99999"
            sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
            cookieless="false" 
            timeout="20" 
    />
<!--    
    <sessionState mode="StateServer"
        stateConnectionString="tcpip=999.0.0.9:99999"
        cookieless="false"
        timeout="180"/>
-->
    <!--  GLOBALIZATION
          This section sets the globalization settings of the application. 
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

  </system.web>
 <appSettings>
        <add key="SingleSignonSOAPEndPoint" value="http://localhost/SMOWebServices/SMOSingleSignon.asmx"/>
        <add key="MSSQLSVR" value="SSCPPSRDBB\PROD"/>
        <add key="MSSQLDB"  value="SMO"/>
        <add key="MSSQLUID" value="smoss"/>
        <add key="MSSQLPWD" value="smo0ss0$"/>
        <add key="Message"  value="SMO 4.1C10"/>
        <add key="JWalkServerHost" value = "SMOBL01"/>  
        <add key="ProdFlag" value="T"/>
        <add key="DB400UID" value="SMOAPPL"/>
        <add key="DB400PWD" value="SMOAPPL"/>   
        <add key="MGPSQLDB"  value="General_Purpose"/>
  </appSettings>

</configuration>

Answer 1

从 元素中移除“decryption”和“compatibilityMode”属性。 .NET 1.1 不支持它们。

此外，您应该永远使用不是您自己生成的机器密钥。否则，您相信给您密钥的第三方没有记录它并将其用于邪恶目的。您可以按照http://msdn.microsoft.com/en-us/library/ms998288.aspx#paght000007_webfarmdeploymentconsiderations 的说明在您自己的机器上安全地生成随机值。