第EventValidation是真正的错误? [英] Page EventValidation is True error?
问题描述
我做了两列表框和价值交换使用输入透过型(HTML标签)Jquery..values的onclick事件都容易从1列表框换到另一个但是当我去商店选择从列表框中选择这样的价值值给我..
首先让我搜索在谷歌我得到了错误页面Eventvalidation = true并且通过解决这个问题。
i did two listbox and value swap by using Input sumbit type(Html tag) onclick event of Jquery..values are easy to swap from 1 listbox to another but when i go for store selected value from listbox so selected value given me.. First i got error Page Eventvalidation=true so i searched on google and solve this problem by using
protected override void Render(System.Web.UI.HtmlTextWriter writer)
{
Page.ClientScript.RegisterForEventValidation(lsttolimo.UniqueID,this.ToString());
base.Render(writer);
}
还溶液是找不到的。比使用后,我的UpdatePanel,并添加每个控件的触发器,但仍然解决方法未找到
yet solution is not found. than after i was used UpdatePanel and add Each of The Controls in Triggers but still Solution is not found
推荐答案
首先,让我们明白什么叫做 EventValidation 意味着.NET的世界。
First let's understand what the EventValidation means in the world of .NET.
当你创造一些服务器控件,然后应该呈现为HTML,让他们可以在浏览器中显示。现在,假设你有一个DropDownList 10个项目。这10个项目将呈现为<选项>在标记<选择> 标记(它们都转换为HTML等效控制)。
When you create some server controls, then should be rendered into HTML, so that they can be shown in the browser. Now, consider that you have 10 items in a DropDownList. Those 10 items would be rendered as <option> tags inside <select> tag (they are converted to HTML equivalent control).
现在,ASP.NET加密的10个值,并将它们添加到 EventValidation 隐藏域了。这意味着,你现在已经送到那些10值两次以浏览器。现在,每当有人回帖子的形式,ASP.NET得到公布值(这10个项目中的一个张贴回)。然后,这些解密加密的10的值(现在有10 + 1的值)。它检查以查看是否贴值是10个项目中的一个或没有。如果是,那么ASP.NET得到确认一切正常。但是,如果它不是,那么它知道有人试图愚弄了。
Now, ASP.NET encrypts those 10 values, and adds them to the EventValidation hidden field too. This means that you now have sent those 10 values TWO TIMES to the browser. Now, whenever somebody posts back the form, ASP.NET gets the posted value (one of those 10 items is posted back). It then decrypts those 10 encrypted values (now it has 10 + 1 values). It checks to see if the posted value is one of the 10 items or not. If it is, then ASP.NET gets sure that everything is OK. But if it's not, then it understands that somebody has tried to fool it.
现在,考虑比如,你有个国家的名单,而你只有3个国家接受的用户,比方说,美国,英国和澳大利亚。然而,有人来到你的注册页面,了解HTML并创建一个具有相同的字段和国家的同一名单另一种形式。但是,这一次,他还增加了另外一个国家的名称列表(说,伊朗)。
Now, consider for example that you have a list of countries, and you only accept users from 3 countries, say for example, US, England, and Australia. However, someone comes to your registration page, understands the HTML and creates another form with the same fields and the same list of countries. But this time he also adds the name of another country to your list (say Iran).
如果你没有EventValidation打开,你没有明确检查的国家,那么你只是傻傻地接受伊朗作为一个有效的国家。这就是所谓的 形式欺骗
If you don't have EventValidation turned on, and you don't explicitly check for the country, then you're simply fooled into accepting Iran as a valid country. This is called form spoofing.
现在,既然你有两个列表,和你交换,当然他们的价值观,.NET认为它越来越上当。我建议你关闭EventValidation(这是更简单的方法,但更容易出现安全问题),并检查自己。
Now, since you have two lists, and you swap their values, of course, .NET thinks that it's getting fooled. I recommend that you turn off the EventValidation (this is the easier way, but more prone to security problems) and check it yourself.
要关闭事件验证,只需添加到您的web.config文件:
To turn off event validation, simply add this to your web.config file:
<system.web>
<pages enableEventValidation="false"
</system.web>
这篇关于第EventValidation是真正的错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
