Ajax and ASP.Net EventValidation


By default in an ASP.Net webform, Event validation is turned ON. This is a security feature aimed at preventing injection attacks. But consider this scenario, your asp.net page is rendered with a drop down list with certain values, depending on some user selections, you did an AJAX call and modified the contents of this drop down list, when you do a postback on this page, asp.net will throw this error:

Invalid postback or callback argument. Event validation is enabled using
in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation
method in order to register the postback or callback data for validation.

The reason for this is that the data that was postback is now different from the original data that was rendered by ASP.Net. I have noticed that in couple of instances you will receive this error, one is selecting any new value from the drop down list and doing a postback on dropdown list, another scenario is if you do a __doPostBack(”,”) call from your javascript.

Workaround is get around this message is to turn OFF the event validation. This can be done by either setting the page directive
enableeventvalidation=”false” (for controlling it in a page level) or change web.config to add to control it for the entire site.

Cheers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s