This project has moved. For the latest updates, please go here.

Suddenly getting the ThrowIfMaxHttpCollectionKeysExceeded error when uploading

Sep 24, 2012 at 8:59 PM

Hey Michel,

I didn't use the control in one of my projects for 2 weeks and now when I tried to upload I ran into an 500 Internal Server Error and the "Upload failed" string in Silverlight control.

I went on to investigate and installed ELMAH into the project to figure out the 500 Internal Server Error is actually this:

System.Web.HttpException (0x80004005): The URL-encoded form data is not valid. ---> System.InvalidOperationException: Operation is not valid due to the current state of the object.
   at System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded()
   at System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding)
   at System.Web.HttpRequest.FillInFormCollection()
   at System.Web.HttpRequest.FillInFormCollection()
   at System.Web.HttpRequest.get_Form()

Of course, I investigated further and figured there was a MS security bulletin on the number of POSTed form entries in ASP.NET. I checked my updates and figured out this KB article update was installed a few day after I implemented the MVC sample (posting to controller).

I found out this supposed solution but it makes no difference for me:

	<appSettings>
		<add key="aspnet:MaxHttpCollectionKeys" value="1000000"></add>
	</appSettings>

Do you have any idea what else I could try to fix this? Do you think the SL control could be changed to not POST such a large number of items (if that's even the root cause of this problem)?

Sep 24, 2012 at 9:15 PM

Right, after restarting IIS Express the key that was added to the web.config did start to work, so I get passed the above exception and ELMAH now logs:

System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (="...)ٌ��`\($�<U�l�|���:�sJ3�k��...").

?? 


Sep 24, 2012 at 9:35 PM

All right, the destination action on the controller requires [ValidateInput(false)] attribute and in the web.config you have to add the

<httpRuntime requestValidationMode="2.0" />

within <system.web> element. However, this is only temporary fix.

Sep 24, 2012 at 9:36 PM

All right, the destination action on the controller requires [ValidateInput(false)] attribute and in the web.config you have to add the

<httpRuntime requestValidationMode="2.0" />

within <system.web> element. However, this is only temporary fix.

Sep 24, 2012 at 9:36 PM

All right, the destination action on the controller requires [ValidateInput(false)] attribute and in the web.config you have to add the

<httpRuntime requestValidationMode="2.0" />

within <system.web> element. However, this is only temporary fix.

Coordinator
Sep 25, 2012 at 6:04 AM

Try adding the attribute [ValidateInput(false)] to your controller's action.