.net应用程序中的奇怪错误。 - RijndaelManaged

[英]Strange Error in .net Application. - RijndaelManaged


During a recent load test, I've been getting some strange "Index Out of Range Exception"

在最近的负载测试中,我得到了一些奇怪的“索引超出范围异常”

Stack trace:

 at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
   at System.Web.UI.Page.DecryptString(String s)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

We are not using a farm or cluster, and I am not using any cryptography in the app.

我们没有使用服务器场或群集,我没有在应用程序中使用任何加密。

It appears that this is happening in the behind the scenes .Net classes.

这似乎发生在幕后的.Net类中。

I figure this has something to do with viewstate, but I can't find out why this is being thrown.

我认为这与viewstate有关,但我无法找出为什么抛出它。

Any Ideas?

2 个解决方案

#1


1  

If someone initiates a post, the application starts sending the post with all 500KBs of viewstate. Half way through postback, the user gets bored and clicks something else. The browser cuts off the postback with just part of the viewstate. The server throws an error that says the viewstate is borked. I would guess this is a 2.0 application with the viewstate encryption feature turned on. The solution is to manage viewstate size more aggressively.

如果有人发起帖子,则应用程序开始发送包含所有500KB viewstate的帖子。在回发的一半时,用户会感到无聊并点击其他内容。浏览器仅使用viewstate的一部分来切断回发。服务器抛出一个错误,表示视图状态已被阻止。我猜这是一个启用了viewstate加密功能的2.0应用程序。解决方案是更积极地管理视图状态大小。

Event validation exceptions are more likely to happen when a malicious user is crafting a custom postback response, so I don't think event validation is involved here.

当恶意用户制作自定义回发响应时,更有可能发生事件验证异常,因此我不认为此处涉及事件验证。

#2


0  

Just a guess: have you disabled EventValidation on the site? Sounds like something is trying to create a manual postback or otherwise insert data directly into the http request's post data, and isn't calculated the correct value for the viewstate field. This in turn causes the decryption to fail spectacularly.

只是一个猜测:您是否在网站上禁用了EventValidation?听起来像是在尝试创建手动回发或以其他方式将数据直接插入到http请求的发布数据中,并且没有为viewstate字段计算正确的值。这反过来导致解密失败。

With EventValidation turned on you'll get an exception even if they calculate everything correctly, but at least it's a meaningful exception.

启用EventValidation即使他们正确地计算了所有内容,你也会得到一个例外,但至少它是一个有意义的例外。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2008/11/25/f1ec9de6c75730fbd33f06e63ae66b52.html



'/'应用程序中的服务器错误。 ASP.NET - Server Error in '/' Application. ASP.NET “/”应用程序中的服务器错误。与相同的路线 - Server Error in '/' Application. with same route 组件中我的应用程序中的奇怪错误 - Very strange error in my app from component “/”应用程序中的服务器错误。不正确的语法)的附近 - Server Error in '/' Application. Incorrect Syntax near ')' 由于奇怪的DLL错误,WPF应用程序无法启动 - WPF application fails to start due to strange dll error PyCOMPS应用程序中的奇怪错误:没有找到最后“y”的脚本 - Strange error in a PyCOMPSs application: Script without last “y” not found ASP.NET随机错误:'/'应用程序中的服务器错误。你调用的对象是空的 - ASP.NET Random error: Server Error in '/' Application. Object reference not set to an instance of an object net 4.0应用程序中的Page.GetRouteUrl()错误。URL路由的任何帮助 - Wrong Page.GetRouteUrl() in asp.net 4.0 application. Any help for URL routing “'''应用程序中的服务器错误。在重构命名空间之后,Sequence不包含任何元素 - “Server Error in '/' Application. Sequence contains no elements” after refactoring namespace '/'应用程序中的服务器错误。没有为此对象定义无参数构造函数 - Server Error in '/' Application. No parameterless constructor defined for this object
 
粤ICP备14056181号  © 2014-2020 ITdaan.com