Event Validation Errors and Network Congestion in ASP.NET
来源:互联网 发布:天族女捏脸数据图 编辑:程序博客网 时间:2024/05/16 06:51
http://odetocode.com/blogs/scott/archive/2007/04/13/event-validation-errors-and-network-congestion-in-asp-net.aspx
Joseph Rattz emailed me about posts I wrote last year covering ASP.NET event validation (see ASP.NET Event Validation and "Invalid Callback Or Postback Argument"Part I and Part II). In the posts I describe one scenario where an event validation exception can appear, and describe how to prevent the exception. In the scenario, client side script dynamically adds values to a list (select) control. When the user POSTs the form to the server, ASP.NET sees a new value and concludes something is wrong. The list comes back to the server with a value that wasn't present when the list left the server. ASP.NET tracks the legal values by serializing them into a hidden input control with an ID of __EVENTVALIDATION. This event validation feature helps to prevent all sorts of form spoofing attacks.
Joe's scenario was odd, not only because the invalid postback argument exception appeared sporadically, but because the source of the exception was a TextBox control!
ArgumentException: Invalid postback or callback argument. ... System.Web.UI.ClientScriptManager.ValidateEvent(..) ... System.Web.UI.Control.ValidateEvent(..) ... System.Web.UI.WebControls.TextBox.LoadPostData(..) ...
What could ASP.NET possibly validate about a TextBox? A server can expect specific values from a DropDownList, but a plain TextBox allows free form text entry by the user. The answer (via Reflector), is that the TextBox control only validates that its UniqueID is present in the legal arguments described by the __EVENTVALIDATION data. Even after knowing this information, it's hard to see what could go possibly wrong with a TextBox.
Joe's theory, which I believe to be correct, is that the user might create a postback before their browser even receives the __EVENTVALIDATION form input. This could happen, for example, over a poor connection. The resulting POST won't contain the __EVENTVALIDATION input, and thus ASP.NET cannot validate the postback arguments. The klaxons wail. Glass breaks. The runtime throws an exception.
One way to validate this theory is to simulate network congestion with the following control. We flush out the output stream, sleep, and then continue rendering.
using System;
using System.Web.UI;
using System.Threading;
namespace OTC
{
public class FlushAndSleep : Control
{
protected override void Render(HtmlTextWriter writer)
{
writer.Write ("Begin Render<br>");
base.Render (writer);
Page.Response.Flush();
Thread.Sleep(2000);
writer.Write("End Render<br>");
}
}
}
Stick the control into the following page:
<%@ Page Language="C#" %>
<%@ Register TagPrefix="otc" Assembly="App_Code" Namespace="OTC" %>
<form id="form1" runat="server">
<div>
<asp:textbox runat="server" id="TextBox1" />
<asp:button runat="server" id="Button1" text="Submit" />
<br />
<otc:FlushAndSleep runat="server" ID="FlushAndSleep" />
</div>
</form>
Run the page and click the button as soon as it appears in the browser. Voila! Instant "invalid callback or postback argument" exception! If you ever see the exception occur sporadically, this might be the reason.
- Event Validation Errors and Network Congestion in ASP.NET
- ASP.NET Event Validation
- ASP.NET 2.0 的 Event Validation
- Validation expression in ASP.NET
- ASP.NET Validation in Depth
- ASP.NET Event Validation and “Invalid Callback Or Postback Argument” : Part I
- [ASPNET]ASP.NET Event Validation and “Invalid Callback Or Postback Argument” Troubleshooting info
- The Calendar Control and the DayRender Event in ASP.Net
- Validation CheckBoxList in asp.net form
- Network Layer - Congestion Control
- Client Side Validation with JavaScript in ASP.NET
- Sample Code on ASP.NET Validation in Depth
- char limit validation in multiline asp.net textbox
- Understanding Request Validation in ASP.NET MVC 3
- Part 82 - Creating custom validation attribute in asp.net mvc
- Part 85 - Enable client side validation in asp.net mvc
- Part 88 - Unobtrusive validation in asp.net mvc
- Part 89 - Remote validation in asp.net mvc
- 《学习OpenCV》练习题第三章第二题
- C:表达式、语句、声明
- C++读书笔记之重载双目运算符 Cplusplus overload binary operator
- 新手教程:建立网站的全套流程与详细解释
- 【Android 开发】:UI控件之 ImageView 从网络上获取图像
- Event Validation Errors and Network Congestion in ASP.NET
- 《学习OpenCV》练习题第二章第五题
- MySQL 5.5 权限导出脚本
- AndroidQuery 开源项目
- 来自各移动平台的设计指导方针
- 一个关于兑换零钱的豆瓣笔试题
- 题目1173:查找
- 事例学习开发WEBSERVER服务器(一)
- ASP.NET 页面传值简单总结 .