I am using curl to post data to another server.
Between each post I use a function to fetch the hidden fields,
like “__VIEWSTATE”.
It worked like a charm before, but they updated their website,
so I have rewritten my code to use the new field names,
but on the last step I get the error:
“Validation of viewstate MAC failed.”
If I do the same step in a web browser it works as it should.
I used an add-on to fetch what post data the browser was sending
and compared it with what my script is sending,
and it looks the same.
My knowledge of ASP.NET is minimal,
and all the info I can find here about the error
recommends changes on the ASP.NET server.
So I hope someone here can guide me to find out why
the browser has a 100% success rate
and curl has a 0% success rate on that page,
while using the same functions on previous pages
works 100% with curl.
Post data the browser was sending:
__EVENTTARGET=
__EVENTARGUMENT=
__VIEWSTATE=%2FwEPDwUKLTk2MDAxNjU3MA9kFgJmD2QWAgIDD2QWDgIFD2QWAgIBDw8WAh4EVGV4dAUfRsO2cmV0YWdzZ3J1cHBlbiBpIEfDtnRlYm9yZyBBQmRkAgcPDxYEHwAFH0bDtnJldGFnc2dydXBwZW4gaSBHw7Z0ZWJvcmcgQUIeC05hdmlnYXRlVXJsBR1%2BL0NsaWVudENhcmQuYXNweD9DbGllbnRJRD05OGRkAgkPDxYCHgdWaXNpYmxlZ2RkAgsPDxYEHwAFI0JZR0cgJiBFTkVSR0lTRVJWSUNFIFPDlkRFUlTDllJOIEFCHwEFNH4vQ3VzdG9tZXJPdmVydmlldy5hc3B4P0NsaWVudElEPTk4JkN1c3RvbWVySUQ9MjY0NDBkZAINDw8WAh8CZ2RkAg8PDxYCHwAFE1JlZGlnZXJhIGFudsOkbmRhcmVkZAIVDw8WAh8CaGQWAgIDDxBkZBYBZmQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFg0FFmN0bDAwJGJvZHkkY2hrSXNBY3RpdmUFHmN0bDAwJGJvZHkkY2hrSGFzU3VwZXJVc2VyUGVybQUfY3RsMDAkYm9keSRjaGtIYXNTdGF0aXN0aWNzUGVybQUkY3RsMDAkYm9keSRjaGtIYXNBbm51YWxSZXBvcnRTZXJ2aWNlBTBjdGwwMCRib2R5JGNoa0hhc0NvcnBvcmF0aW9uQ2hhcnRlclJlcG9ydFNlcnZpY2UFN2N0bDAwJGJvZHkkY2hrSGFzQ2VydGlmaWNhdGVPZlJlZ2lzdHJhdGlvblJlcG9ydFNlcnZpY2UFH2N0bDAwJGJvZHkkY2hrSGFzTW9uaXRvclNlcnZpY2UFK2N0bDAwJGJvZHkkY2hrSGFzRGlnaXRhbFNwYXJya2F0YWxvZ1NlcnZpY2UFJmN0bDAwJGJvZHkkY2hrSGFzUGVyc29ua29udHJvbGxTZXJ2aWNlBSVjdGwwMCRib2R5JGNoa0hhc0NvbXBhbnlSZXBvcnRTZXJ2aWNlBSRjdGwwMCRib2R5JGNoa0hhc1BlcnNvblJlcG9ydFNlcnZpY2UFHWN0bDAwJGJvZHkkY2J4UmVwb3J0c0NvbXBhbnkzBRxjdGwwMCRib2R5JGNieFJlcG9ydHNQZXJzb24zBRBjdGwwMCRtbHRDb250ZW50Dw9kZmR8z6SDM7weB%2BgWrg%2B8u3EnNPkQGA%3D%3D
__EVENTVALIDATION=%2FwEWFwKGsKOJCgK70ZWTDQLr%2BJWFDQKo1a2oCwKplfT%2BCgLRieqTAwKt6qHvAQK9rKu9AgKh%2F5ODDQKqtpTtDQLvv7CxBALa4vDGBQKCuafwDwKP1ZOjBgKsqdXxCgL6hbmQBwK%2BjaGZDQL%2FqY7cBALml%2FqcBgLYg53pDwL108DhBQLfzPnCAQLBr6dM9cK5UIsGFZ5ocJchTM8CHTFigfk%3D
ctl00%24body%24cmdSave=Spara
ctl00%24body%24txtName=BYGG+%26+ENERGISERVICE+S%C3%96DERT%C3%96RN+AB
ctl00%24body%24txtUserName=5566960836
ctl00%24body%24txtEmail=anonym%40telia.se
ctl00%24body%24txtDepartment=
ctl00%24body%24chkIsActive=on
ctl00%24body%24chkHasStatisticsPerm=on
ctl00%24body%24txtLoginName=5566960836
ctl00%24body%24txtPassword=stackoverflow
ctl00%24body%24chkHasAnnualReportService=on
ctl00%24body%24chkHasCorporationCharterReportService=on
ctl00%24body%24chkHasCertificateOfRegistrationReportService=on
ctl00%24body%24chkHasMonitorService=on
ctl00%24body%24chkHasDigitalSparrkatalogService=on
ctl00%24body%24chkHasPersonkontrollService=on
ctl00%24body%24chkHasCompanyReportService=on
ctl00%24body%24chkHasPersonReportService=on
ctl00%24body%24cbxReportsCompany3=on
ctl00%24body%24cbxReportsPerson3=on
ctl00%24body%24hidNewUser=1
The post data my script is sending:
Array
(
[__EVENTTARGET] =>
[__EVENTARGUMENT] =>
[__VIEWSTATE] => /wEPDwUKLTk2MDAxNjU3MA9kFgJmD2QWAgIDD2QWDgIFD2QWAgIBDw8WAh4EVGV4dAUfRsO2cmV0YWdzZ3J1cHBlbiBpIEfDtnRlYm9yZyBBQmRkAgcPDxYEHwAFH0bDtnJldGFnc2dydXBwZW4gaSBHw7Z0ZWJvcmcgQUIeC05hdmlnYXRlVXJsBR1+L0NsaWVudENhcmQuYXNweD9DbGllbnRJRD05OGRkAgkPDxYCHgdWaXNpYmxlZ2RkAgsPDxYEHwAFI0JZR0cgJiBFTkVSR0lTRVJWSUNFIFPDlkRFUlTDllJOIEFCHwEFNH4vQ3VzdG9tZXJPdmVydmlldy5hc3B4P0NsaWVudElEPTk4JkN1c3RvbWVySUQ9MjY0NDBkZAINDw8WAh8CZ2RkAg8PDxYCHwAFE1JlZGlnZXJhIGFudsOkbmRhcmVkZAIVDw8WAh8CaGQWAgIDDxBkZBYBZmQYAgUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFg0FFmN0bDAwJGJvZHkkY2hrSXNBY3RpdmUFHmN0bDAwJGJvZHkkY2hrSGFzU3VwZXJVc2VyUGVybQUfY3RsMDAkYm9keSRjaGtIYXNTdGF0aXN0aWNzUGVybQUkY3RsMDAkYm9keSRjaGtIYXNBbm51YWxSZXBvcnRTZXJ2aWNlBTBjdGwwMCRib2R5JGNoa0hhc0NvcnBvcmF0aW9uQ2hhcnRlclJlcG9ydFNlcnZpY2UFN2N0bDAwJGJvZHkkY2hrSGFzQ2VydGlmaWNhdGVPZlJlZ2lzdHJhdGlvblJlcG9ydFNlcnZpY2UFH2N0bDAwJGJvZHkkY2hrSGFzTW9uaXRvclNlcnZpY2UFK2N0bDAwJGJvZHkkY2hrSGFzRGlnaXRhbFNwYXJya2F0YWxvZ1NlcnZpY2UFJmN0bDAwJGJvZHkkY2hrSGFzUGVyc29ua29udHJvbGxTZXJ2aWNlBSVjdGwwMCRib2R5JGNoa0hhc0NvbXBhbnlSZXBvcnRTZXJ2aWNlBSRjdGwwMCRib2R5JGNoa0hhc1BlcnNvblJlcG9ydFNlcnZpY2UFHWN0bDAwJGJvZHkkY2J4UmVwb3J0c0NvbXBhbnkzBRxjdGwwMCRib2R5JGNieFJlcG9ydHNQZXJzb24zBRBjdGwwMCRtbHRDb250ZW50Dw9kZmR8z6SDM7weB+gWrg+8u3EnNPkQGA==
[__EVENTVALIDATION] => /wEWFwKGsKOJCgK70ZWTDQLr+JWFDQKo1a2oCwKplfT+CgLRieqTAwKt6qHvAQK9rKu9AgKh/5ODDQKqtpTtDQLvv7CxBALa4vDGBQKCuafwDwKP1ZOjBgKsqdXxCgL6hbmQBwK+jaGZDQL/qY7cBALml/qcBgLYg53pDwL108DhBQLfzPnCAQLBr6dM9cK5UIsGFZ5ocJchTM8CHTFigfk=
[ctl00$body$hidNewUser] => 1
[ctl00$body$cmdSave] => Spara
[ctl00$body$txtName] => BYGG & ENERGISERVICE SÖDERTÖRN AB
[ctl00$body$txtUserName] => 5566960836
[ctl00$body$txtEmail] => anonym@telia.se
[ctl00$body$txtDepartment] =>
[ctl00$body$chkIsActive] => 1
[ctl00$body$chkHasStatisticsPerm] => 1
[ctl00$body$txtLoginName] => 5566960836
[ctl00$body$txtPassword] => stackoverflow
[ctl00$body$chkHasAnnualReportService] => 1
[ctl00$body$chkHasCorporationCharterReportService] => 1
[ctl00$body$chkHasCertificateOfRegistrationReportService] => 1
[ctl00$body$chkHasMonitorService] => 1
[ctl00$body$chkHasDigitalSparrkatalogService] => 1
[ctl00$body$chkHasPersonkontrollService] => 1
[ctl00$body$chkHasCompanyReportService] => 1
[ctl00$body$chkHasPersonReportService] => 1
[ctl00$body$cbxReportsCompany3] => 1
[ctl00$body$cbxReportsPerson3] => 1
)
The question:
What client-side differences can trigger the “Validation of viewstate MAC failed” error?
(Note: the post data above has been manipulated in 2 ways: first I replaced the password with “stackoverflow”, and I also replaced the user of the email address with anonym.)
Used the wrong URL. Sent the right post data from the start, just sent it to the wrong place.
So simple, and still so hard to find when you look in the wrong place.
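
Added example, not part of the original post: a small Python comparison of two captured requests that checks the target URL before the form fields, since the cause reported above was the URL and not the post data. The URLs, the shortened __VIEWSTATE value and the function names are constructed placeholders; only the field names are taken from the captures above.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample captures: URLs and the shortened __VIEWSTATE are placeholders.
BROWSER = {
    "url": "https://app.example/EditUser.aspx?ClientID=1",
    "body": "__EVENTTARGET=&__VIEWSTATE=%2FwEPDw%2BgWrg%3D%3D"
            "&ctl00%24body%24chkIsActive=on&ctl00%24body%24hidNewUser=1",
}
SCRIPT = {
    "url": "https://app.example/NewUser.aspx?ClientID=1",
    "body": "__EVENTTARGET=&__VIEWSTATE=%2FwEPDw%2BgWrg%3D%3D"
            "&ctl00%24body%24chkIsActive=1&ctl00%24body%24hidNewUser=1",
}


def parse_form(body):
    """Decode a form-urlencoded body the way the server will read it.

    Blank fields such as __EVENTTARGET are kept. A raw '+' decodes to a
    space, so a base64 value sent without URL-encoding arrives altered.
    """
    return dict(parse_qsl(body, keep_blank_values=True))


def diff_requests(browser, script):
    """Return (kind, name, browser_value, script_value) for every difference."""
    diffs = []
    b_url, s_url = urlsplit(browser["url"]), urlsplit(script["url"])
    # URL first: identical post data sent to a different page is still
    # a different request.
    for part in ("scheme", "netloc", "path", "query"):
        bv, sv = getattr(b_url, part), getattr(s_url, part)
        if bv != sv:
            diffs.append(("url", part, bv, sv))
    b_form, s_form = parse_form(browser["body"]), parse_form(script["body"])
    for name in sorted(b_form.keys() | s_form.keys()):
        bv, sv = b_form.get(name), s_form.get(name)
        if bv is None:
            diffs.append(("only-in-script", name, None, sv))
        elif sv is None:
            diffs.append(("only-in-browser", name, bv, None))
        elif bv != sv:
            diffs.append(("value", name, bv, sv))
    return diffs


if __name__ == "__main__":
    for diff in diff_requests(BROWSER, SCRIPT):
        print(diff)
```

Run on the wire-level bodies rather than on a print_r dump of the array, so that encoding differences are part of the comparison.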