Asp.net Invalid viewstate - Maybe IE8 4k dropped bug?

Developer https://www.devze.com 2022-12-18 05:20 Source: Internet
I'm getting 100+ errors per day on my website with System.Web.HttpException: Invalid viewstate. at System.Web.UI.Page.DecryptStringWithIV

The website is ASP.NET 3.5 running on IIS 6, not running in a web garden/web farm, single server.

The website is using xhtml doctype.

Viewstate size varies from 2kb-20kb.

Here are a few sample errors.

Machine: ML Framework Version: 2.0.50727.3603 Assembly Version: 6.5.3664.33889     
Source: http://www.domain.com/WebResource.axd?d=z5VmXXoSLLpQHoPictureAlert     
Exception: System.Web.HttpException: Invalid viewstate. at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)     
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)     

Machine: MLFramework Version: 2.0.50727.3603 Assembly Version: 6.5.3664.33889     
Source: http://www.mydomain.com/ScriptResource.axd?d=SE0Ej7OlEAx91j2Cjv_6KkRPplqT-5wB4M7CZPdGdGn3LahLwqlRPApUcdxBsbFXYHZ91Q76FHAHWgHs8SmOC4zemr7    
siym0QY0rF3XtJTu%3C/a%3E%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Ca%20id=     
Exception: System.Web.HttpException: Invalid viewstate. at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at     
System.Web.UI.Page.DecryptString(String s) at System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection queryString) at     
System.Web.Handlers.ScriptResourceHandler.ProcessRequestInternal(HttpResponse response, NameValueCollection queryString,     
VirtualFileReader fileReader) at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext context) at     
System.Web.Handlers.ScriptResourceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at     
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at     
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)    

Solutions I already tried:

  1. Wrapping all inline javascript with //
  2. Setting enableViewStateMac to false
  3. Setting maxPageStateFieldLength to 5000 bytes.
  4. Define a MachineKey in web.config using http://www.developmentnow.com/articles/machinekey_generator.aspx

I can't figure out what causes the error or which page generates them. Help please! Thank you!


Is it possible that users are leaving the app open for long lengths of time before coming back to it? Are you pulling any information from the viewstate?

Session might be a better way to keep values across postbacks.


In my experience, these errors have been generated by a security company, or in lesser cases, by a hacker trying to post invalid data to the page. This is especially true if you cannot seem to find the source of the error yourself by clicking through the normal usage of the page.

We handle the error on the base page (which we use to inherit all our pages from) in the page_error routine. We then check the error message for this, and for others such as: a potentially dangerous querystring value, invalid postback or callback argument, etc. If one of those errors exists, we store it in an audit and have a process which handles those separately.

Also, is the site on a session/web farm? It is important that the machine keys are the same on both servers. Jeff Atwood wrote an article about this as well: http://www.codinghorror.com/blog/archives/000132.html
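
The separate triage process that the answer above describes, sketched as an added example (not code from any of the posts): it groups logged "Invalid viewstate" entries by handler and by the shape of the `d` parameter in the Source URL, so requests whose URL picked up page markup (as in the second sample error in the question) are separated from clean tokens that still failed to decrypt. The category names, the `example.test` host and the sample entries are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

# Assumption: a healthy d= token uses only the URL-safe base64 alphabet,
# as in the sample URLs in the question.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
MARKUP_RE = re.compile(r"[<>\"'\s]")

def classify(source_url):
    """Return (handler, category) for one logged 'Invalid viewstate' source URL."""
    parts = urlsplit(source_url)
    handler = parts.path.rsplit("/", 1)[-1] or "/"
    token = None
    for field in parts.query.split("&"):
        if field.startswith("d="):
            token = unquote(field[2:])
            break
    if not token:
        return handler, "missing-token"
    if MARKUP_RE.search(token):
        # Page HTML ended up inside the request URL: the token was altered
        # before it reached the server, so no key setting makes it decrypt.
        return handler, "markup-in-url"
    if TOKEN_RE.fullmatch(token):
        # Clean token that still failed: key change, stale page, or tampering.
        return handler, "wellformed-token"
    return handler, "other-malformed"

def summarize(urls):
    """Count entries per (handler, category) so each group is handled separately."""
    return Counter(classify(u) for u in urls)

# Constructed sample entries, shaped like the Source lines in the question.
SAMPLE_SOURCES = [
    "http://www.example.test/WebResource.axd?d=Zm9vYmFyX2Jhei1xdXg1",
    "http://www.example.test/ScriptResource.axd?d=QUJDREVGRw2%3C/a%3E%20%20%3Ca%20id=",
    "http://www.example.test/ScriptResource.axd?d=QUJDREVGRw2&t=633802945995006876",
    "http://www.example.test/ScriptResource.axd?t=633802945995006876",
    "http://www.example.test/WebResource.axd?d=QUJD%25zz",
]

if __name__ == "__main__":
    for (handler, category), count in sorted(summarize(SAMPLE_SOURCES).items()):
        print(f"{count:3d}  {handler:20s} {category}")
```

A high share of `markup-in-url` entries points at clients mangling resource URLs, while `wellformed-token` failures are the ones worth correlating with application pool recycles, machine key changes and the audit trail.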


  1. Adjust the settings on the application pools so that recycling is less likely to occur at peak periods.
  2. Use a specific key in the machine.config to prevent automatic key generation on each process start
  3. Only post to the same ASPX page
  4. Turn off firewall and antivirus software

Found those here: http://support.microsoft.com/kb/555353
