
ASP.NET EventValidation fails when .NET 4.5 Framew

Posted 2019-04-28 17:56

Question:

We have installed .net 4.5 Framework in one of our web servers. Our applications are targeted for .net 4.0 and run off multiple servers behind a load balancer.

After the installation we get the following error message for some POST requests

error_name=System.ArgumentException error_message=Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. error_details=Source: System.Web

The __EVENTVALIDATION value in the body of the request is different when it is requested from a server with .net 4.5 installed. MSDN mentions that the cryptography changes in .net 4.5 use opt-in configuration, so by default it should be backward compatible.

Is there a config change I need to make, without disabling event validation, for __EVENTVALIDATION to behave the same on machines with .net 4.5 installed as it behaves with only .net 4.0?

Answer 1:

I had the same issue as we are currently migrating our server farm to Windows 2012 (.NET 4.5) from 2003 (.NET 4.0). Looking into the ClientScriptManager, the event validation code has changed considerably.

A fix for this was to add the appSetting to use Legacy Event Validation compatibility as described here

<appSettings>
  <add key="aspnet:UseLegacyEventValidationCompatibility" value="true" />
</appSettings>

Now the values generated for event validation in my pages are the same whether generated by .NET 4.0 or 4.5



Answer 2:

Interesting problem, I would try to freeze some behaviors to a specific version of the Framework (in the web.config).

The Request Validation Mode

<httpRuntime requestValidationMode="4.0" />

The compilation target Framework

<compilation targetFramework="4.0" />

The Control rendering compatibility version

<pages controlRenderingCompatibilityVersion="4.0"/>


Answer 3:

I'd check the machine key configurations and make sure it's the same on all servers. Uses for MachineKey in ASP.NET and http://aspnetresources.com/tools/machineKey

Also, you can check if you have any client side scripts

"If you write client script that changes a control in the client at run time, you might have to use the RegisterForEventValidation method in order to avoid false event validation errors."

http://msdn.microsoft.com/en-us/library/system.web.ui.page.enableeventvalidation.aspx
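
An added example, not part of any answer above: a small audit that compares the web.config of each server behind the load balancer for the settings named in Answers 1 to 3 (the legacy event validation appSetting, machineKey, and the version-pinning attributes) and reports which ones differ. The function names, server names and key values are assumptions made for the illustration; the machineKey is reported only as a fingerprint.

```python
import hashlib
import xml.etree.ElementTree as ET

LEGACY = "aspnet:UseLegacyEventValidationCompatibility"
WATCHED = {  # system.web element -> attribute named in the answers
    "httpRuntime": "requestValidationMode",
    "compilation": "targetFramework",
    "pages": "controlRenderingCompatibilityVersion",
}

def settings(xml_text):
    """Pull the values that affect __EVENTVALIDATION out of one web.config."""
    root = ET.fromstring(xml_text)
    out = {LEGACY: None, "machineKey": None}
    for add in root.findall("appSettings/add"):
        if add.get("key") == LEGACY:
            out[LEGACY] = (add.get("value") or "").lower()
    mk = root.find("system.web/machineKey")
    if mk is not None:
        # Report a fingerprint so key material never lands in audit output.
        blob = "|".join(f"{k}={mk.get(k)}" for k in sorted(mk.keys()))
        out["machineKey"] = hashlib.sha256(blob.encode()).hexdigest()[:12]
    for tag, attr in WATCHED.items():
        el = root.find(f"system.web/{tag}")
        out[attr] = el.get(attr) if el is not None else None
    return out

def drift(configs):
    """Map each setting that differs across servers to {server: value}."""
    per_server = {name: settings(x) for name, x in configs.items()}
    keys = next(iter(per_server.values())).keys()
    table = {k: {n: s[k] for n, s in per_server.items()} for k in keys}
    return {k: v for k, v in table.items() if len(set(v.values())) > 1}

# Constructed sample configs (server names and key values are placeholders).
TEMPLATE = """<configuration><appSettings>{app}</appSettings><system.web>
  <machineKey validationKey="{vk}" decryptionKey="PLACEHOLDER-DK" validation="SHA1" />
  <httpRuntime requestValidationMode="4.0" /><compilation targetFramework="4.0" />
</system.web></configuration>"""
SAMPLE = {
    "WEB01": TEMPLATE.format(app="", vk="PLACEHOLDER-VK-A"),
    "WEB02": TEMPLATE.format(app=f'<add key="{LEGACY}" value="true" />', vk="PLACEHOLDER-VK-B"),
}

if __name__ == "__main__":
    for setting, values in drift(SAMPLE).items():
        print(setting, values)
```

An empty result from `drift` means the compared servers agree on every watched setting; a server with no explicit `machineKey` element shows up as `None`.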