A Microsoft patch for ASP.Net released on the 29th of December 2011 adds a new functionality that rejects POST http requests with more than 1000 keys and any JSON http request with more than 1000 members. That is pretty huge, and if you have encountered this exception:
Operation is not valid due to the current state of the object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidOperationException: Operation is not valid due to the current state of the object.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148

[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133


then your site has been affected by this patch.

Well, you probably know that something is wrong with the design of a page that sends 1000 POST values, but still, let's assume you are in a situation where you cannot change the design of the application and you just want the site to work. Never fear, use this:

<configuration xmlns=”http://schemas.microsoft.com/.NetConfiguration/v2.0>
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
<add key="aspnet:MaxJsonDeserializerMembers" value="5000" />
</appSettings>
</configuration>


More details:
Knowledge base article about it
The security advisor for the vulnerability fixed
The entire MS11-100 security update bulletin

Comments

Simon

Thank you for the posting. It solves my problem

Simon

Williams Dhanaraj

Thanks for posting this solution. This is awesome it works fine for me ....gr8 site Williams dhanaraj

Williams Dhanaraj

Siderite

All of them :) And then remove the setting where you think it might be useful to have this new Microsoft behaviour.

Siderite

Dean

I&#39;m getting this error on a form that is part of an Intranet SharePoint site. How do I know which web.config file to put this in?

Dean

Anonymous

Apparently there are many people that have problems with pages that send too many keys, myself included.

Anonymous

Steve

Thanks for posting the solution. It explains why a web page that had been working stopped without having been changed.

Steve

Anonymous

Thanks so much for posting the solution!

Anonymous

Anonymous

Thanks alot, it work out It was putting breakpoints in every code block, but it did not hit any of them Great Post

Anonymous

Anonymous

Thank you!! Spent the last 4 hours trying to fix this issue and this worked!

Anonymous

kgmail

3 days of debugging then found this post. thnx!!

kgmail

Anonymous

You are AWESOME, thanks a lot this helped me solve my error immediatly after spending hours of trouble shooting and debugging I finally managed to find out what the issue was - thank you very much for supplying this valuable piece of information!

Anonymous

Anonymous

Thanks allot, this helped me to resolve my problem too. Great blog. thanks with regards S

Anonymous

Anonymous

Brilliant post, thanks very much for this it helped a lot. It really confused me as it wasn&#39;t even getting anywhere near the code behind before giving me this error.

Anonymous

Post a comment