ASP.NET Viewstate Bug

[Patrice]

Does it happens when the request goes on a machine but was previously
handled by the other one (for example because it keeps the client IP/machine
association during a period that is less than the ASP.NET session timeout) ?

Patrice

"pmgower" <anonymous@discussions.microsoft.com> a écrit dans le message de
news:9FF15FAD-7667-4F3D-814F-CF3896A12D53@microsoft.com...

> Background:
> I wrote an ASP.NET website in C# and it went into production back in
> February 2004. The production webservers (2 servers using sticky-ip
> load balancing) are running on Windows 2000 server. I have changed
> the machineKeys to match on both servers since they are pseudo-Load
> Balanced. The website is using Forms Authentication and the userid &
> password are stored in a SQL Server 2000 Database. There are not any
> dynamic control creation sections on the page.
>
> Problem:
> These HttpExceptions are happening periodically on every page
> including the login page. I have turned off the enableViewstateMAC in
> the machine.config file and we no longer had any HttpExceptions. Due
> to the security risk I have turned that feature back on and am trying
> to find a solution to this issue. As soon as I changed the
> "enableViewstateMAC" from false to true we recieved several errors.
>
> You can view another discussion that I have had on the Code Project
> website

[url]http://www.codeproject.com/script/comments/forums.asp?msg=785002&forumid=12076[/url]

> if you would like to find out more background information about this
> problem.
>
> Thanks for your help,
> Paul

[Joseph E Shook [MVP - ADSI]]

I looked over the discussion you referred to. I did notice that you do
use loadcontrol to populate a PlaceHolder control. You did say that you
have other pages that do not use this technique and they still have view
state errors. So I would tend to become more suspicious that I may have
other code like that in my pages. Maybe you have a user control that
does dynamic loading that you are missing.

Either way for your information you may want to investigate exactly what
is in viewstate. You can use Paul Wilson's online viewstate parser at
[url]http://www.wilsondotnet.com/Demos/ViewState.aspx[/url]

Usually if you really are having a viewstate error related to
dynamically loaded controls you should experience a "Specified cast is
not valid" error somewhere along your adventures also (most likely
related to dynamically loading usercontrols although).

In general I follow the following convention when dynamically loading
controls.

- LoadControls in the Init method.
- BindData int the Page_load event for those dynamically loaded controls
but do not rebind on postback (You know, check for Page.IsBostBack).
- If you see a bunch of binding code spread throughout a page then be
very suspicious. In general you should only bind to a data source on
the first request to a page and then only in response to events that
change data such as deleting, updating and creating.

That is my 2 cents. I didn't exactly answer your question but maybe if
I am lucky I may ask the right question to get you thinking about options.

Good luck.

And remember to look at all of your logs, IIS logs, event logs, your own
custom instrumentation logs, maybe hook into the Global.asax error event
(Application_Error) and see what goodies maybe be lurking for you there.
You could capture "Failed to load viewstate" error messages in the
System.Web.HttpException payload. Actually I think it will be inside of
a System.Web.HttpUnhandledException.





pmgower wrote:

> Background:
> I wrote an ASP.NET website in C# and it went into production back in
> February 2004. The production webservers (2 servers using sticky-ip
> load balancing) are running on Windows 2000 server. I have changed
> the machineKeys to match on both servers since they are pseudo-Load
> Balanced. The website is using Forms Authentication and the userid &
> password are stored in a SQL Server 2000 Database. There are not any
> dynamic control creation sections on the page.
>
> Problem:
> These HttpExceptions are happening periodically on every page
> including the login page. I have turned off the enableViewstateMAC in
> the machine.config file and we no longer had any HttpExceptions. Due
> to the security risk I have turned that feature back on and am trying
> to find a solution to this issue. As soon as I changed the
> "enableViewstateMAC" from false to true we recieved several errors.
>
> You can view another discussion that I have had on the Code Project
> website [url]http://www.codeproject.com/script/comments/forums.asp?msg=785002&forumid=12076[/url]
> if you would like to find out more background information about this
> problem.
>
> Thanks for your help,
> Paul