Ajax error: inexplicably invalid attempt status/fill is invalid and cannot be removed

Source: Internet
Author: User
Document directory
  •  

Ajax error: Inexplicable invalid attempt status
Problem description:

Event code: 3005
Event message: An unhandled exception occurs.
Event Time: 2009-7-11 10:43:04
Event Time (UTC): 2009-7-11 2:43:04
Event ID: 794295d63c9649c990429dab9f7b74d5
Event Sequence: 933
Event occurrence: 1
Event detail code: 0

Application information:
Application domain:/lm/w3svc/1863575495/root-2-128917536981250000
Trust level: full
Application virtual path :/
Application Path: H: \ m \
Machine name: Bafang

Process Information:
Process ID: 5040
Process name: w3wp.exe
Account name: nt authority \ Network Service

Exception information:
Exception type: httpexception
Exception message: the view status is invalid.

Request Information:
Request URL: http: // M. *. com/scriptresource. axd? D = zcIytDg6Gyhfli9XzTKLeTJMi59-NToiJUEhNv6_PjlayEdREDejfMUIolCzIbInc6_nF4BvRhSlXDnHHVc3mT0Q8tWZyZ_n =
Request Path:/scriptresource. axd
User host address: 121.35.2.51
User:
Is authenticated: false
Authentication Type:
Thread Account name: nt authority \ Network Service

Thread information:
Thread ID: 22
Thread Account name: nt authority \ Network Service
Is Impersonating: false
Stack trace: In system. Web. UI. Page. decryptstringwithiv (string S, ivtype)
In system. Web. UI. Page. decryptstring (string S)

Custom Event details:
For more information, see Help and Support Center in http://go.microsoft.com/fwlink/events.asp.

Solution:
When using webresource to manage resources, we often receive exceptions similar to the following.:
System. Web. httpexception: The view status is invalid.
System. Security. cryptography. cryptographicexception: The filling is invalid and cannot be removed.
For example, this problem is raised in the following articles:
Annoying cryptographicexception on webresource. axd
Http://forums.asp.net/t/934913.aspx
ASP. NET's webresource. axd and machinekey badness
Http://blog.aproductofsociety.org /? P = 11

This is because the parameters of webresource. axd URL are time-sensitive. However, for search engine crawlers, they often access the expired addresses of these parameters, so the above exception occurs.
There is no better solution to this question. In the Microsoft forum, the following information is added to the robots.txt file:
User-Agent :*
Disallow:/*. axd $ but this requires crawlers that follow the robots.txt specifications to obtain the latest robots.txt. There is no way for crawlers that do not follow the robots.txt specification.

My current idea is that webresource. axd is useless, because there are too many crawlers that do not comply with the robots.txt specifications. In this case, we need to analyze the resources in webresource. axd in those scenarios, that is, we need to analyze the format of webresource. axd.

URL format of webresource. axdYes:
Webresource. axd? D = encrypted identifier & t = timestamp value.
Where:
"D" indicates the request for web resources. (Encrypted identifier)
"T" is a timestamp pair to the Assembly, which helps in determining if a change request has been made to the resource.

T parameter does not make sense for us to analyze who uses it. Next we will analyze the D parameter.

The parsing code of the d parameter is as follows:
<% @ Page Language = "C #" autoeventwireup = "true" %> <SCRIPT runat = "server"> Public static string pagedecryptstring (string input) {type = typeof (system. web. UI. page); object o = activator. createinstance (type); system. reflection. methodinfo MI = type. getmethod ("decryptstring ",
System. reflection. bindingflags. nonpublic | system. reflection. bindingflags. Static,
Null, new type [] {typeof (string)}, null); object result = mi. invoke (O, new object [] {input}); return result. tostring ();} protected void btn_post_click (Object sender, eventargs e) {This. rochelle info.text = pagedecryptstring (httputility. urldecode (tb_webresourcedvalue.text) ;}</SCRIPT> <HTML xmlns = "http://www.w3.org/1999/xhtml"> <body> <Form ID = "form1" runat = "server"> <asp: textbox id = "tb_webresourcedvalue" runat = "server"/> <br/> <asp: Label id = "l_info" runat = "server"/> <br/> <asp: button id = "btn_post" runat = "server" text = "computing" onclick = "btn_post_click"/> </form> </body> <Add Path = "webresource. axd" verb = "get" type = "system. Web. Handlers. assemblyresourceloader" Validate = "true"/>
In the system. Web. Handlers. assemblyresourceloader class, you can use the reflector tool to view the following code:

Void ihttphandler. processrequest (httpcontext context ){//... string STR = context. request. querystring ["D"]; //... string str2 = page. decryptstring (STR );//...} obviously, the parameter D should be passed through page. the decryptstring function is used for parsing.
In the page. decryptstring function, the default encryption key configured in Web configuration is called. For simplicity, the parsing method here is implemented on the Asp.net page. Since the page. decryptstring function is internal static, the code above uses reflection to call this function and obtain the expected value.
(To ensure that the decryption key of the decryption algorithm is consistent, the simplest way is to put the above decryption ASPX page on the same server as the one to be parsed)
The above qfrkdnww93t08kaf3ioskq2 decryption result is: S | webforms. js vertical bars are only used to separate different values in strings. "S" indicates that the data is a script, and "webforms. js" indicates the name of the resource to be retrieved. Webforms. js resources can be retrieved from system. Web. dll.
Similarly, the above 9ivku5ss0wd5al1syg8zjl8xxbp97lbenhery4altjk1 decryption result is: S | webuivalidation. js
Obviously, if such a webresource. axd call occurs, it is necessary to verify that the control is being called.
We want
<SCRIPT src = "/webresource. axd? D = qfrkdnww93t08kaf3ioskq2 & t = 633313193233609691 "type =" text/JavaScript "> </SCRIPT>
<SCRIPT src = "/webresource. axd? D = 9ivku5ss0wd5al1syg8zjl8xxbp97lbenhery4altjk1 & t = 633313193233609691 "type =" text/JavaScript "> </SCRIPT>
If it does not appear, you need to disable the verification control that calls webforms. js and webuivalidation. js scripts.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.