Tuesday, March 13, 2012

HttpException: The URL-encoded form data is not valid

An httpexception might be poping up in most of the ASP.NET 2.0 applications where there are lot of user controls on your view. Microsoft security update MS11-100 limits the maximum number of form keys, files, and JSON members to 1000 in an HTTP request. Because of this change, ASP.NET applications reject requests that have more than 1000 of these elements.
HTTP clients that make these kinds of requests will be denied, and an error message will appear in the web browser. The error message will usually have an HTTP 500 status code.


Exception information in Windows event log will contain:
Exception type: HttpException
Exception message: The URL-encoded form data is not valid

ASP.NET 2.0
If your application view reaches over 1000 elements, than you will need to configure this value in your web.config file. And following lines need to be added:

<configuration>
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="1000" />
</appSettings>
</configuration>


You should set the value to your need, and it should be any value over 1000. You can give value under 1000 as well if your application works on it.

ASP.NET 1.1
For .NET 1.1 web applications you will have to set a DWORD in registry. Following is the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\1.1.4322.0\MaxHttpCollectionKeys

JSON Limit
Applications that hit this limit for JSON payloads can configure as follows:

<configuration>
<appSettings>
<add key="aspnet:MaxJsonDeserializerMembers" value="1000" />
</appSettings>
</configuration>


Reference:
http://support.microsoft.com/kb/2661403

No comments:

Post a Comment