Monday, May 25, 2009

/ScriptResource.axd : Invalid viewstate

After reviewing Microsoft's CLR code for errors (see last blog post) and finding none. I tried turning off the cross site scripting filter (XSS) in Microsoft Internet Explorer 8 by adding the X-XSS-Protection: 0 response header in IIS custom headers tab. This didn't work. I made a guess that the browser might think that the /ScriptResource.axd inserted into HTML of the page was a XSS injection because of the querystring. However, this didn't work. {6230289B-5BEE-409e-932A-2F01FA407A92}


  1. This 'invalid viewstate' is driving me nuts!

    For the past few weeks i've been trying everything i can to resolve this issue with no luck.

    My site passes w3 validator for XML doctype and still i'm getting this 'invalid viewstate'.

    I've installed ie8 on another computer running XP and i couldn't reproduce the problem. Maybe it has something to do with Vista + IE8. I'll try it and let you know if i find something.

    Good luck.

  2. It may have to do with ASP.NET AJAX. I read something and set enableeventvalidation=false in web.config and it went away on my sites. The issue I was having was related to dynamic controls popping up on a page via AJAX and then when the page did a real postback it would see invalid controls because those dynamic controls weren't in the original control tree, or something like that.