InvalidOperationException in System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded
A Microsoft patch for ASP.Net released on the 29th of December 2011 adds a new functionality that rejects POST http requests with more than 1000 keys and any JSON http request with more than 1000 members. That is pretty huge, and if you have encountered this exception:
Operation is not valid due to the current state of the object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Operation is not valid due to the current state of the object.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148
[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133
then your site has been affected by this patch.
Well, you probably know that something is wrong with the design of a page that sends 1000 POST values, but still, let's assume you are in a situation where you cannot change the design of the application and you just want the site to work. Never fear, use this:
More details:
Knowledge base article about it
The security advisor for the vulnerability fixed
The entire MS11-100 security update bulletin
Operation is not valid due to the current state of the object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Operation is not valid due to the current state of the object.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148
[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133
then your site has been affected by this patch.
Well, you probably know that something is wrong with the design of a page that sends 1000 POST values, but still, let's assume you are in a situation where you cannot change the design of the application and you just want the site to work. Never fear, use this:
<configuration xmlns=”http://schemas.microsoft.com/.NetConfiguration/v2.0″>
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
<add key="aspnet:MaxJsonDeserializerMembers" value="5000" />
</appSettings>
</configuration>
More details:
Knowledge base article about it
The security advisor for the vulnerability fixed
The entire MS11-100 security update bulletin
Brilliant post, thanks very much for this it helped a lot.
ReplyDeleteIt really confused me as it wasn't even getting anywhere near the code behind before giving me this error.
Thanks allot, this helped me to resolve my problem too. Great blog.
ReplyDeletethanks with regards
S
Great job.
ReplyDeleteYou are AWESOME, thanks a lot this helped me solve my error immediatly after spending hours of trouble shooting and debugging I finally managed to find out what the issue was - thank you very much for supplying this valuable piece of information!
ReplyDelete3 days of debugging then found this post. thnx!!
ReplyDeleteThank you!! Spent the last 4 hours trying to fix this issue and this worked!
ReplyDeleteThanks alot, it work out
ReplyDeleteIt was putting breakpoints in every code block, but it did not hit any of them
Great Post
Thanks a lot. It works
ReplyDeleteThanks so much for posting the solution!
ReplyDeleteExcellent!! Thanks!
ReplyDeleteThanks a lot for the solution
ReplyDeleteThank
ReplyDeleteThanks for posting the solution. It explains why a web page that had been working stopped without having been changed.
ReplyDeleteApparently there are many people that have problems with pages that send too many keys, myself included.
ReplyDeleteI'm getting this error on a form that is part of an Intranet SharePoint site. How do I know which web.config file to put this in?
ReplyDeleteAll of them :) And then remove the setting where you think it might be useful to have this new Microsoft behaviour.
ReplyDeleteThanks for posting this solution. This is awesome it works fine for me ....gr8 site
ReplyDeleteWilliams dhanaraj
Thank you for the posting. It solves my problem
ReplyDeleteThanks for sharing.
ReplyDeleteThank you so~~~ much.
ReplyDeleteAwesome. You made my day. Thank you very much
ReplyDelete