Html.AntiForgeryToken()在升级到.NET 3.5 SP1后导致错误

时间:2009-02-11 13:25:05

标签: asp.net-mvc .net-3.5 cryptography viewstate

我刚刚更新到.NET 3.5 SP1,我曾经工作过的ASP.NET MVC页面现在已经停止工作了。

尝试加载页面时,我得到以下YSOD

[CryptographicException: Padding is invalid and cannot be removed.]
   System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) +7596702
   System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +208
   System.Security.Cryptography.CryptoStream.FlushFinalBlock() +33
   System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) +225
   System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +195

[ViewStateException: Invalid viewstate. 
    Client IP: 127.0.0.1
    Port: 
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
    ViewState: hC6BC8KsuD/yoy2iG74bUZ8TYhGfuDDeIjh9fg/L18yr/E+1Nk/pjS5gyn9O+2jY
    Referer: http://localhost:1092/admin/product
    Path: /admin.aspx/product/edit/4193]

[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.]
   System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +106
   System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) +14
   System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +242
   System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) +4
   System.Web.Mvc.AntiForgeryTokenSerializer.Deserialize(String serializedToken) +73

如果我删除该行

<%= Html.AntiForgeryToken() %>

一切都有效,任何想法可能导致这个?如果这是一个MVC或.NET问题,我希望找到一个解决方案更幸运,所以我猜这与我的配置有关。

我已经尝试重新安装MVC框架,看看是不是因为我在SP1之前安装但我仍然遇到同样的问题。 Google和SO搜索没有得出任何确切的结论。

3 个答案:

答案 0 :(得分:15)

Doh,刚刚解决了它。

清除浏览器缓存和Cookie,一切正常。

答案 1 :(得分:3)

如果站点已经部署并且您正在进行维护(包括ASP.NET MVC程序集更新),则不能选择清除浏览器缓存。这是我使用的解决方案:

@Html.AntiForgeryTokenReset() @* use this instead*@

这是扩展方法

public static MvcHtmlString AntiForgeryTokenReset(this HtmlHelper htmlHelper)
{
    try
    {
        return htmlHelper.AntiForgeryToken();
    } catch (Exception ex)
    {
        var request = HttpContext.Current.Request;
        request.Cookies.Clear();
        return htmlHelper.AntiForgeryToken();
    }
}

答案 2 :(得分:1)

现在看来这个问题已经解决了。看看http://forums.asp.net/p/1388671/2960554.aspx