Disabling ASP.NET EventValidation

Question

Disabling ASP.NET EventValidation

We are tired of getting exceptions for the "Invalid feedback or callback argument" in our web application. What scenario is causing this error?

After talking with users, we determined that one of the possible reasons for this is when they click on what causes the postback, and then click on something else before the completion of the initial postback.

What is the harm when disabling event checking? What we stand for, SecureIIS for enhanced security.

UPDATE In some places, we use Javascript to change certain values of controls, such as a drop-down list (we do this to improve the user interface - fewer postbacks). This is likely to cause an error. We have strict changes for all users, so we will continue to work with disabling EventValidation. Thanks!

+4

.net asp.net

Josh stodola Feb 12 '09 at 16:57

source share

2 answers

FWIW, I have installed SecureIIS for many years and have not experienced any of these problems.

0

Mateo ferreira Jul 31 '10 at 17:15

source share

Rex m · Accepted Answer · 2009-02-12T17:00:16+0000

Event verification verifies that values have not been manually changed, for example. outside the scope permitted by controlled entities. For example, if you have a drop-down list with three options 1, 2, or 3 ... if the user (or the malicious intermediary) changes the value to 4, the check will fail.

As long as you do your own check of each handler to ensure that the input values are valid and your code is structured in such a way that unexpected input does not lead to anything happening (safer), you will be ok with checking the correctness off.

Disabling ASP.NET EventValidation

More articles: