Invalid postback or callback argument.
Event validation is enabled using pages
enableEventValidation=true
in configuration or %@ Page EnableEventValidation=true in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Description:
I have a simple program that displays a blank web page with a few buttons on it that allows a user to dynamically put functional controls on the web page. The user is allowed to add, delete and move the controls around on the web page. When the user deletes a control is when I get the error message. I can get rid of the error message by including enableEventValidation=false in my <%@ page directive
I would prefer not to do that for security reasons. Since I rebuild the page on every post back every time, i was thinking about setting all controls enableViewState to false. However, since I am going to include ajax in my next version to reduce the post backs I may not want to set viewstate to false.
Since I know which controls were deleted, is there a way I can manipulate viewstate or the request object so IIS doesn't think there is a hacker lurking in the dark?
Would appreciate some help here.
Terry
sample code showing the routing to add an ASP textbox. Most controls are attached to a panel.
public static void bText(
ref Panel panel, ref Table tb, ref TableRow tr, ref TableCell tc, ref ControlProperties tp)
{
TextBox myTB = new TextBox();
myTB.Text = tp.displayThisText;
myTB.CssClass = tp.cssClassName;
myTB.ID = tp.idName;
myTB.Attributes.Add("dir", tp.direction);
myTB.Attributes.Add("runat", "server");
myTB.EnableViewState = true;
processAttributes(tp, (System.Web.UI.WebControls.WebControl)myTB);
if (tp.bgColor != null && !tp.bgColor.Equals("NoColor"))
{myTB.BackColor = Color.FromName(tp.bgColor);}
if (tp.fgColor != null && !tp.fgColor.Equals("NoColor"))
{ myTB.ForeColor = Color.FromName(tp.fgColor); }
if (tp.units == WidthUnits.pixels)
{ int temp = (int)tp.width; myTB.Width = System.Web.UI.WebControls.Unit.Pixel(temp); }
else if (tp.units == WidthUnits.percent)
{ myTB.Width = System.Web.UI.WebControls.Unit.Percentage(tp.width); }
if (tp.textMode.Equals("s"))
{
myTB.TextMode = TextBoxMode.SingleLine;
{ int len; if (int.TryParse(tp.maxCharacters, out len)) { myTB.MaxLength = len; } }
}
else
{
myTB.TextMode = TextBoxMode.MultiLine;<pre></pre>
{ int len; if (int.TryParse(tp.rows, out len)) { myTB.Rows = len; } }
if (tp.maxCharacters != null && tp.maxCharacters != "")
{
}
}
addControlToWebPage(ref panel, ref tb, ref tr, ref tc, myTB, tp.location);
}