I've been noticing random errors on a site and think I've finally got the answer... I've been receiving these "Invalid length for a Base-64 char array" or "Unable to validate data" errors from users in complete randomness. Specifically:
System.FormatException: Invalid length for a Base-64 char array.
System.Web.HttpException: The client disconnected. ---> System.Web.UI.ViewStateException: Invalid viewstate.
and
System.Web.HttpException: Unable to validate data.
System.Web.HttpException: The client disconnected.---> System.Web.UI.ViewStateException: Invalid viewstate.
There's no pattern. I go to the exact same page, refresh, stop, use back keys, etc... and to no avail, no error... According to other blogs and forums, they suggest turning off some security features, which was NOT an option and shouldn't be for you either. My first stop was at my system administrators office. I thought something is meddling with the viewstate. Maybe an intrusion detection or firewall setting was cleaning out some weird characters. After further investigation, nothing.
So looking through the web.config, I took a look at my http handlers. I notice I'm using the RadCompression Utility, (http://www.telerik.com/products/aspnet-ajax/compression.aspx). Apparently, this utility and other similar utilities are notorious for causing these errors. At some point, one of these handlers manipulates the viewstate incorrectly (most likely a bug in the software), that changes the viewstate by attempting to optimize it. When the viewstate is different between callbacks, you'll get on of the errors above.
What ever you do, don't disable .NET inherent security controls like event validation. These controls are there for a reason... Security should always be your #1 priority.
UPDATE: A few months later, I reproduced this problem again, but this time at home. I'm on a wireless connection, and my glorious FIOS wireless router loses connection in the middle of a page refresh.
Monday, August 3, 2009
Subscribe to:
Post Comments (Atom)
Posts
4 comments:
Hi,
I have exact the same problem. But the application does not use any 'telerik' controls. The application uses self made controls. Have you already found a solution for your problem?
Thx,
I still think this is a client PC issue. As a page request is occuring, the client loses their wifi or VPN connection. This issue only appears in my logs sporadically.
Found this old thread after seeing some errors logged on an app I'm running on localhost, with a local DB. I've noticed that forms which have been posted back, and then sit a while, seem to have a problem with a subsequent postback. In the past all I saw was a long delay and timeout.
Now that I've got error logging in place (in global.asax), I'm still not seeing the exception in the browser, just timeout behavior, but the log reveals an issue in the Deserialize / viewstate pipeline, and quite possibly something to do with caching and/or cache timeouts. If that makes sense.
This CAN'T be related to a lost connection (can it?), since it's all on one machine.
Minimizing viewstate sounds like a good idea; I'm sure I have way more than I need, just stumbling along with what .NET does automagically. "But still" -- this error should be resolvable.
Hope the further clue may be useful to you or your readers...
We've noticed several exceptions lately:
1. ERROR Global - Unhandled exception was [System.Web.HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.UI.ViewStateException: Invalid viewstate
2. ERROR Global - Application_Error : unhandled exception processing /[appname]/WebResource.axd?d=7WqrZXPDPY2xUiClueIdE5Cz4PWCjDoFfw1HM7c35AwqScmXVOs7GP-OgrkHTYg9QFXqxPCcKNxNSLGYFU9N5SeyZgufnhPWA90UXYqc5EHcU3PZEGabtebr0F6b0ex8QqHX4FrEF8CJ7ZdhknkMMgfmo2-m-Tp97yJyO1Qqc8o1&t=634698739620000000
3. ERROR Global - Unhandled exception was [System.Web.HttpException (0x80004005): The client disconnected. ---> System.Web.UI.ViewStateException: Invalid viewstate.
Solutions:
1. Solved! This was due to the fact that we were automatically generating the machine key on IIS, instead of using a fixed machine key (in fact, we're now putting it in web.config)
2. We think this is related to machine keys as well. Web Resources were being encrypted and stored/cached by the browser with a given machine key, and then later on a different key is being used to try and decrypt. The problem seems to have disappeared after using fixed machine keys and the clients deleting their temporary internet files.
3. This seems to happen randomly, but I was able to reproduce it (only once) by clicking back on a page that was taking long to respond. Our solution is simply to catch the Unhandled exception and do nothing (or log it as a warning), since the user doesn't even notice it.
Any more insight into any of these would be appreciated.
Post a Comment