InvalidOperationException in System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded
A Microsoft patch for ASP.Net released on the 29th of December 2011 adds a new functionality that rejects POST http requests with more than 1000 keys and any JSON http request with more than 1000 members. That is pretty huge, and if you have encountered this exception:
Operation is not valid due to the current state of the object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Operation is not valid due to the current state of the object.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148
[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133
then your site has been affected by this patch.
Well, you probably know that something is wrong with the design of a page that sends 1000 POST values, but still, let's assume you are in a situation where you cannot change the design of the application and you just want the site to work. Never fear, use this:
More details:
Knowledge base article about it
The security advisor for the vulnerability fixed
The entire MS11-100 security update bulletin
Operation is not valid due to the current state of the object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Operation is not valid due to the current state of the object.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148
[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133
then your site has been affected by this patch.
Well, you probably know that something is wrong with the design of a page that sends 1000 POST values, but still, let's assume you are in a situation where you cannot change the design of the application and you just want the site to work. Never fear, use this:
<configuration xmlns=”http://schemas.microsoft.com/.NetConfiguration/v2.0″>
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
<add key="aspnet:MaxJsonDeserializerMembers" value="5000" />
</appSettings>
</configuration>
More details:
Knowledge base article about it
The security advisor for the vulnerability fixed
The entire MS11-100 security update bulletin
Comments
Awesome. You made my day. Thank you very much
GouthamThank you so~~~ much.
dhkimThanks for sharing.
AnonymousThank you for the posting. It solves my problem
SimonThanks for posting this solution. This is awesome it works fine for me ....gr8 site Williams dhanaraj
Williams DhanarajAll of them :) And then remove the setting where you think it might be useful to have this new Microsoft behaviour.
SideriteI'm getting this error on a form that is part of an Intranet SharePoint site. How do I know which web.config file to put this in?
DeanApparently there are many people that have problems with pages that send too many keys, myself included.
AnonymousThanks for posting the solution. It explains why a web page that had been working stopped without having been changed.
SteveThank
AnonymousThanks a lot for the solution
AnonymousExcellent!! Thanks!
KyleThanks so much for posting the solution!
AnonymousThanks a lot. It works
AnonymousThanks alot, it work out It was putting breakpoints in every code block, but it did not hit any of them Great Post
AnonymousThank you!! Spent the last 4 hours trying to fix this issue and this worked!
Anonymous3 days of debugging then found this post. thnx!!
kgmailYou are AWESOME, thanks a lot this helped me solve my error immediatly after spending hours of trouble shooting and debugging I finally managed to find out what the issue was - thank you very much for supplying this valuable piece of information!
AnonymousGreat job.
AnonymousThanks allot, this helped me to resolve my problem too. Great blog. thanks with regards S
AnonymousBrilliant post, thanks very much for this it helped a lot. It really confused me as it wasn't even getting anywhere near the code behind before giving me this error.
Anonymous