Index was outside the bounds of the array exception on GridView.LoadControlState after upgrading to ASP.NET 4 - asp.net

I've got a client with a legacy ASP.NET WebForms app that was, previously, running ASP.NET 2.0. The site needed a new feature that necessitated using a third-party component that required ASP.NET 4, so we moved his application from ASP.NET 2.0 to ASP.NET 4.0 and the move went smoothly except we're getting the following intermittent exception:
System.IndexOutOfRangeException
Index was outside the bounds of the array.
System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.IndexOutOfRangeException: Index was outside the bounds of the array.
at System.Web.UI.WebControls.GridView.LoadControlState(Object savedState)
at System.Web.UI.Control.LoadControlStateInternal(Object savedStateObj)
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.maintenancetechnician_advancedsearch_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
There were some Stack Overflow questions on this, but all had to do with load balanced/multi-server environments and having this happen when a request bounced from one server with different settings than another (such as one having had some .NET SP installed and the other not).
But this is running in a single-server environment.
Moreover, this problem didn't start until the upgrade to ASP.NET 4. Searching the ELMAH error logs reveals that this exception has happened 8 times today and not once prior to today (as far back as our logs go, at least, which is a month).
Any ideas on where to go from here?

I agree that posting code would help, but I think I may know what's happening. We ran into a similar issue a few months ago. It ended up being that the GridView control had its EnableViewState set to false. Check that viewstate is enabled on the grid and see if that clears it up.
This site has a decent description of what happens when the viewstate is off:
http://forums.asp.net/t/1026981.aspx?ObjectDataSource+GridView+Disabled+ViewState+Major+Concurrency+Issues+possible+solution+

Related

What kind of attack is this: (="...?return="><noembed><img+src%3D...")

My server is throwing errors like this. I suppose some kind of attack is taking place. I have IIS7, Windows Server 2012.
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.RawUrl value was detected from the client (="...?return="><noembed><img+src%3D...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_RawUrl()
at System.Web.UI.Page.ValidateRawUrlIfRequired()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
It is basically warning about a cross-site scripting attack (XSS): https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
This means somebody is trying to inject valid HTML into your webpage using the query-string. If your webserver is programmed to subsequently display this somewhere else (maybe a forum or something) then this opens up an attack vector. Other visiting users to your site might execute JavaScript code injected by the attacker.
To prevent this, ASP.NET by default does not allow certain content to appear in the query string, specifically anything that resembles valid HTML. This could be caused by an input-field somewhere on your website that does not correctly escape HTML characters OR someone is simply trying to attack your website. Either way, make sure to always escape user-controlled input correctly on the server or on the client (or both).
If you think your security is OK, then you can ignore this error as it is basically out of your control. ASP.NET simply detected the attack and blocked it.
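An added example (not from the original answer) of the output escaping the answer recommends, using the `System.Web.HttpUtility` encoders for each place a user-supplied `return` value can end up. The `ReturnLinkRenderer` class, the `/login.aspx` path and the sample value are constructed for illustration.

```csharp
using System;
using System.Web; // requires a reference to System.Web.dll

// Hypothetical helper: renders markup that carries a user-supplied "return" value.
public static class ReturnLinkRenderer
{
    // Each output context needs its own encoder; one encoder does not fit all.
    public static string RenderLink(string returnValue)
    {
        returnValue = returnValue ?? string.Empty;

        // 1. Value placed inside a URL query string: percent-encode it.
        string href = "/login.aspx?return=" + HttpUtility.UrlEncode(returnValue);

        // 2. URL placed inside an HTML attribute: attribute-encode the whole URL.
        string hrefAttr = HttpUtility.HtmlAttributeEncode(href);

        // 3. Value shown as visible text: HTML-encode it.
        string text = HttpUtility.HtmlEncode(returnValue);

        return "<a href=\"" + hrefAttr + "\">Back to " + text + "</a>";
    }

    // 4. Value embedded in an inline script string literal (.NET 4 and later).
    public static string RenderScript(string returnValue)
    {
        string literal = HttpUtility.JavaScriptStringEncode(returnValue ?? string.Empty, true);
        return "<script>var returnTo = " + literal + ";</script>";
    }

    public static void Main()
    {
        // Constructed sample shaped like the value in the logged exception.
        string sample = "\"><noembed><img src=x>";
        Console.WriteLine(RenderLink(sample));
        Console.WriteLine(RenderScript(sample));
    }
}
```

Encoding at the point of output protects pages regardless of whether request validation caught the value on the way in.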

Validation of viewstate MAC failed and anti XSRF issue

I know this was posted here so many times and had valuable suggestions and suggested fixes. But none of them helped.
We have an e-commerce site which is an online ordering system. Our web site is hosted on IIS 7.0 with .NET Framework 4.0 (this is the only website running on IIS). In our testing environment everything worked fine and we deployed it.
Now we are getting MAC ERROR when user is trying to access the site or if he is in the site and browsing to other pages, user is facing this error. Here is the stack trace.
Exception: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Stack Trace: System.Web.HttpException
Stack Trace:
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.pages_usagereports_index_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
We started getting this issue when we implemented a code to fix CSRF issue in the base page.
If we take out the code and tested with a user, we are not getting any error.
So far we have tried these solutions
1) Applied machine key to the website even though we are not web farm environment.
2) We don’t want to disable the enableviewstate to false or the viewstateencryption mode to never as it is preferred not to do that. We even tried this but didn’t help.
3) We tried assigning different combinations for the base.viewstateuserkey like combination of userhostaddress and user Agent but it didn't help.
4) We used Microsoft .net web protection library from this link
http://software-security.sans.org/developer-how-to/developer-guide-csrf
After this we started getting another error
Inner Exception Type: System.InvalidOperationException
Inner Exception: Validation of Anti-XSRF token failed.
Inner Stack Trace:
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.signin_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Now we are getting two errors. MAC error and Anti XSRF error.
Searched on this error and I saw a number of posts but I tried them. None of them helped.
Any suggestions on this are much appreciated.
Thanks in advance
The MAC for the ViewState is derived using the AntiXsrfTokenKey generated in your master page. If the token is not present when the user accesses your site (cookies disabled or the value in the cookie changed or deleted) then the page will generate a new token. What then happens, if there is a ViewState in the page being posted back, is that the MAC will be checked with the new Token and won't match the old token, that is the first error you can see.
The Xsrf check in your master page is slightly confusing but uses the Xsrf token stored in a cookie and matches it to the value stored in the page. Usually these will match but if another site attempts to make an illegal request to your site, their site won't send the Xsrf cookie and the check will fail. The reason that this is confusing is that if you have a ViewState, this will fail before the Xsrf check.
Another issue with the Xsrf check is that it uses the logged in user's name as part of the check. If a user is logged in and then the auth cookie is deleted or expires, this part of the check will fail and you will see an Xsrf failure which is misleading, the real error is that "the authentication has expired causing the Xsrf check to fail".
I have re-worked the functions in Site.Master.cs several times to make these errors more clear.
Hope that helps.
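The three failure modes described in this answer, separated into distinct errors in a master page code-behind. This is an added example, not the answerer's reworked `Site.Master.cs`; the class name, cookie and ViewState key names, status code and messages are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical master page code-behind; names and messages are assumptions.
public partial class SiteMaster : MasterPage
{
    private const string AntiXsrfTokenKey = "__AntiXsrfToken";
    private const string AntiXsrfUserNameKey = "__AntiXsrfUserName";
    private string _token;

    protected void Page_Init(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[AntiXsrfTokenKey];
        Guid parsed;
        if (cookie != null && Guid.TryParse(cookie.Value, out parsed))
        {
            _token = cookie.Value; // same token the posted ViewState was protected with
        }
        else if (Page.IsPostBack)
        {
            // Case 1: postback without a usable cookie. Assigning a fresh token here
            // would surface later as "Validation of viewstate MAC failed".
            throw new HttpException(400, "Anti-XSRF cookie missing or malformed on postback.");
        }
        else
        {
            _token = Guid.NewGuid().ToString("N");
            Response.Cookies.Set(new HttpCookie(AntiXsrfTokenKey)
                { HttpOnly = true, Secure = Request.IsSecureConnection, Value = _token });
        }
        Page.ViewStateUserKey = _token; // must be set during Init, before ViewState loads
        Page.PreLoad += Master_PreLoad;
    }

    private void Master_PreLoad(object sender, EventArgs e)
    {
        string user = Context.User.Identity.Name ?? string.Empty;
        if (!Page.IsPostBack)
        {
            ViewState[AntiXsrfTokenKey] = _token;
            ViewState[AntiXsrfUserNameKey] = user;
            return;
        }
        // Case 2: the token stored in the page does not match the cookie.
        if ((string)ViewState[AntiXsrfTokenKey] != _token)
            throw new InvalidOperationException("Anti-XSRF token in page does not match cookie.");
        // Case 3: the identity changed after the page was rendered (for example, auth expired).
        if ((string)ViewState[AntiXsrfUserNameKey] != user)
            throw new InvalidOperationException("Authentication changed or expired since the page was rendered.");
    }
}
```

With the cases split this way, the error log shows whether a failure came from a lost cookie, a mismatched token or an expired login.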

System.Web.HttpUnhandledException

I am working on a web application which is using a lot of Ajax controls. I am not the developer of the application. I am working on rectifying this issue. This application keeps throwing the error message below:
Source: System.Web
Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
Stack trace:
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.whyfj_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I tried searching on Google but didn't get any solution. I am not facing this problem on the local server, and the main thing is that it's a random error. Sometimes the same pages work very well.
Server : 2008, IIS 7.5
Please help
That's not the stacktrace of the actual exception, just the stacktrace of the Error handling framework. Unless you can find the innerException in the event logs, you won't be able to fix this easily.
Approach the developer.
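One way to capture the inner exception this answer refers to, as an added example rather than code from the thread: a `Global.asax` handler that walks the exception chain under `HttpUnhandledException` and logs the root cause. It also tags the request validation and ViewState exceptions seen in the other questions on this page; the log sink (`System.Diagnostics.Trace`) and the message format are assumptions.

```csharp
using System;
using System.Text;
using System.Web;
using System.Web.UI;

// Hypothetical Global.asax code-behind; the log sink and format are assumptions.
public class Global : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception outer = Server.GetLastError();
        if (outer == null) return;

        // HttpUnhandledException is only the wrapper added by Page.HandleError;
        // the real fault sits further down the InnerException chain.
        Exception root = outer.GetBaseException();

        string kind = "application fault";
        var chain = new StringBuilder();
        for (Exception ex = outer; ex != null; ex = ex.InnerException)
        {
            if (ex is HttpRequestValidationException)
                kind = "request validation (input blocked)";
            else if (ex is ViewStateException)
                kind = "ViewState validation";
            chain.AppendLine("  " + ex.GetType().FullName + ": " + ex.Message);
        }

        var log = new StringBuilder();
        log.AppendLine("Unhandled error [" + kind + "] for " + Request.HttpMethod + " "
            + Request.AppRelativeCurrentExecutionFilePath
            + " from " + Request.UserHostAddress);
        log.Append(chain);
        log.AppendLine("Root cause stack trace:");
        log.AppendLine(root.StackTrace);

        System.Diagnostics.Trace.TraceError(log.ToString());
    }
}
```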

Invalid Cast Exception calling SqlMembershipProvider GetUser

I am implementing authorisation on a web application using the ASP.NET SqlMembershipProvider, but it is randomly throwing an invalid cast exception when calling the GetUser method.
I can log in, and navigate the pages all fine, but then at random points, boom, it craps out, and throws the exception:
Unable to cast object of type 'System.Int32' to type 'System.String'
Looking at the stack trace you can clearly see it is being caused by the Membership Provider:
[InvalidCastException: Unable to cast object of type 'System.Int32' to type 'System.String'.]
System.Data.SqlClient.SqlBuffer.get_String() +5002910
System.Data.SqlClient.SqlDataReader.GetString(Int32 i) +55
System.Web.Security.SqlMembershipProvider.GetUser(String username, Boolean userIsOnline) +1169
System.Web.Security.Membership.GetUser(String username, Boolean userIsOnline) +63
System.Web.Security.Membership.GetUser() +19
_Default.LoadLeadOverview() in \\file1\default.aspx.vb:169
_Default.Page_Load(Object sender, EventArgs e) in \\file1\default.aspx.vb:30
System.Web.UI.Control.OnLoad(EventArgs e) +91
System.Web.UI.Control.LoadRecursive() +74
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207
I have had a look around and found other people with the same issue, but no solution. Any thoughts would be welcome.
Whilst I haven't done anything to specifically resolve this issue, I haven't seen it in a couple of weeks. Looking back, I was testing the site in multiple browsers at the same time, with the same account, logging in and out a lot, and that seemed to be when the problem came up. Now all the CSS and other cross-browser stuff has been settled, I'm not using multi browsers so heavily, and not at the same time and it seems to be fine.
Is it possible some of your users have all digits as their username? It might be that auto type is boxing wrong somewhere along the way.

Hashtable insert failed. Load factor too high. - ASP.NET 2.0

I received the following error while trying to login to a secured directory. As far as I know there are no large hashtables in use. The user login information is in the web.config file. Notice this is happening in .NET 2.0. I've searched and found references to this occurring in .net 1.0 or 1.1 environments but I haven't found a solution for it happening in 2.0+.
I need to figure out why this happened so I can avoid it in the future. I could just reset the server and maybe it goes away but I would prefer to understand why it happened.
Here is the entire error page as shown:
Server Error in '/' Application.
Hashtable insert failed. Load factor too high.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Hashtable insert failed. Load factor too high.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: Hashtable insert failed. Load factor too high.]
System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add) +2903977
System.Collections.Hashtable.set_Item(Object key, Object value) +11
System.ComponentModel.ReflectTypeDescriptionProvider.ReflectGetAttributes(Type type) +323
System.ComponentModel.ReflectedTypeData.GetAttributes() +36
System.ComponentModel.DefaultTypeDescriptor.System.ComponentModel.ICustomTypeDescriptor.GetAttributes() +50
System.ComponentModel.TypeDescriptor.GetAttributes(Type componentType) +26
System.Web.UI.ThemeableAttribute.IsTypeThemeable(Type type) +98
System.Web.UI.Control.ApplySkin(Page page) +49
System.Web.UI.Control.InitRecursive(Control namingContainer) +2120286
System.Web.UI.Control.InitRecursive(Control namingContainer) +198
System.Web.UI.Control.InitRecursive(Control namingContainer) +198
System.Web.UI.Control.InitRecursive(Control namingContainer) +198
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +834
Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433
The following hotfix addresses this (and other) issues.
http://support.microsoft.com/?id=927579
(information sourced from here)
In .NET 4.0, this same bug reappeared; it was fixed in a hotfix with KB:2576011. It may now be rolled up into standard updates (haven't checked), but: a hotfix for 4.0 is available from MS if needed.
I've had a similar issue, outlined here:
HashTable Insert Failed. Load Factor Too High. .NET 2.0 SP2
However, the 927579 hotfix was included in .NET 2.0 SP1 ( http://support.microsoft.com/kb/945757 ) and we still got the same issue as listed above. Hopefully the newer hotfix ( http://code.msdn.microsoft.com/KB968432 ) will resolve it once and for all.
I can't vouch for it as I haven't had a chance to install it on our server yet, and considering we haven't had a recurrence of the problem after the last time then even if it had been installed I wouldn't be able to say whether it works or not!
