.net应用程序中的奇怪错误。 - RijndaelManaged

[英]Strange Error in .net Application. - RijndaelManaged

During a recent load test, I've been getting some strange "Index Out of Range Exception"


Stack trace:

 at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
   at System.Web.UI.Page.DecryptString(String s)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

We are not using a farm or cluster, and I am not using any cryptography in the app.


It appears that this is happening in the behind the scenes .Net classes.


I figure this has something to do with viewstate, but I can't find out why this is being thrown.


Any Ideas?

2 个解决方案



If someone initiates a post, the application starts sending the post with all 500KBs of viewstate. Half way through postback, the user gets bored and clicks something else. The browser cuts off the postback with just part of the viewstate. The server throws an error that says the viewstate is borked. I would guess this is a 2.0 application with the viewstate encryption feature turned on. The solution is to manage viewstate size more aggressively.

如果有人发起帖子,则应用程序开始发送包含所有500KB viewstate的帖子。在回发的一半时,用户会感到无聊并点击其他内容。浏览器仅使用viewstate的一部分来切断回发。服务器抛出一个错误,表示视图状态已被阻止。我猜这是一个启用了viewstate加密功能的2.0应用程序。解决方案是更积极地管理视图状态大小。

Event validation exceptions are more likely to happen when a malicious user is crafting a custom postback response, so I don't think event validation is involved here.




Just a guess: have you disabled EventValidation on the site? Sounds like something is trying to create a manual postback or otherwise insert data directly into the http request's post data, and isn't calculated the correct value for the viewstate field. This in turn causes the decryption to fail spectacularly.


With EventValidation turned on you'll get an exception even if they calculate everything correctly, but at least it's a meaningful exception.




'/'应用程序中的服务器错误。 ASP.NET - Server Error in '/' Application. ASP.NET “/”应用程序中的服务器错误。与相同的路线 - Server Error in '/' Application. with same route 组件中我的应用程序中的奇怪错误 - Very strange error in my app from component “/”应用程序中的服务器错误。不正确的语法)的附近 - Server Error in '/' Application. Incorrect Syntax near ')' 由于奇怪的DLL错误,WPF应用程序无法启动 - WPF application fails to start due to strange dll error PyCOMPS应用程序中的奇怪错误:没有找到最后“y”的脚本 - Strange error in a PyCOMPSs application: Script without last “y” not found ASP.NET随机错误:'/'应用程序中的服务器错误。你调用的对象是空的 - ASP.NET Random error: Server Error in '/' Application. Object reference not set to an instance of an object net 4.0应用程序中的Page.GetRouteUrl()错误。URL路由的任何帮助 - Wrong Page.GetRouteUrl() in asp.net 4.0 application. Any help for URL routing “'''应用程序中的服务器错误。在重构命名空间之后,Sequence不包含任何元素 - “Server Error in '/' Application. Sequence contains no elements” after refactoring namespace '/'应用程序中的服务器错误。没有为此对象定义无参数构造函数 - Server Error in '/' Application. No parameterless constructor defined for this object
粤ICP备14056181号  © 2014-2020 ITdaan.com