Invalid_Viewstate exception with Invalid character in a Base-64 st

[Guest]

I have read many things about this but I haven't got a clear vision on what
to do if anything about this.



I have a system that tries to find holes in my web site. One of the things
it has found and has been sent to me is

an Invalid_Viewstate exception. I will provide the stack trace below. If
you read down the stack trace it talks about "Invalid chararcter in a base-64
string" error. After reading much about this have not found any resolution.
I did read where one person said that people hit sites that require
information and they sending bad or spam in hopes the site will forward the
information on to an email and my site is capturing that because they also
are changing the hidden field _VIEWSTATE which in turn causes this exception.
I also read that the data that is being entered is not passing validation
and there is a need to trap for it.



so I still don't know what is exactly causing this error and should I worry
about it.



Here is the stack trace

The error description is as follows :

System.Web.HttpUnhandledException: Exception of type
System.Web.HttpUnhandledException was thrown. ---> System.Web.HttpException:
Invalid_Viewstate

Client IP: 64.14.3.222

Port: 40520

User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; MSIE 6.0; ScanAlert;
+http://www.scanalert.com/bot.jsp) Firefox/2.0.0.3

ViewState: ("blah blah blah" a bunch of encrypted data or something that I
am just going to leave out)

Http-Referer:

Path: /folder/myGatherInformationPage.aspx. ---> System.FormatException:
Invalid character in a Base-64 string.

at System.Convert.FromBase64String(String s)

at System.Web.UI.LosFormatter.Deserialize(String input)

at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()

--- End of inner exception stack trace ---

at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()

at System.Web.UI.Page.LoadPageViewState()

at System.Web.UI.Page.ProcessRequestMain()

--- End of inner exception stack trace ---

at System.Web.UI.Page.HandleError(Exception e)

at System.Web.UI.Page.ProcessRequestMain()

at System.Web.UI.Page.ProcessRequest()

at System.Web.UI.Page.ProcessRequest(HttpContext context)

at
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)



Any help would greatly be appreciated.



PaulP

MCP

 

[Dave Bush]

Unless you get that same error when human submits the page, I would
ignore it. ScanAlert is sending a bot to the page trying to break it (as
you said) and .NET is making sure that it can't.

-----Original Message-----
From: Paul Phillips [mailto[email protected]]
Posted At: Friday, November 02, 2007 9:37 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Invalid_Viewstate exception with Invalid character in a
Base-64 st
Subject: Invalid_Viewstate exception with Invalid character in a Base-64
st

I have read many things about this but I haven't got a clear vision on
what
to do if anything about this.



I have a system that tries to find holes in my web site. One of the
things
it has found and has been sent to me is

an Invalid_Viewstate exception. I will provide the stack trace below. If
you read down the stack trace it talks about "Invalid chararcter in a
base-64
string" error. After reading much about this have not found any
resolution.
I did read where one person said that people hit sites that require
information and they sending bad or spam in hopes the site will forward
the
information on to an email and my site is capturing that because they also
are changing the hidden field _VIEWSTATE which in turn causes this
exception.
I also read that the data that is being entered is not passing validation
and there is a need to trap for it.



so I still don't know what is exactly causing this error and should I
worry
about it.



Here is the stack trace

The error description is as follows :

System.Web.HttpUnhandledException: Exception of type
System.Web.HttpUnhandledException was thrown. --->
System.Web.HttpException:
Invalid_Viewstate

Client IP: 64.14.3.222

Port: 40520

User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; MSIE 6.0; ScanAlert;
+http://www.scanalert.com/bot.jsp) Firefox/2.0.0.3

ViewState: ("blah blah blah" a bunch of encrypted data or something that I
am just going to leave out)

Http-Referer:

Path: /folder/myGatherInformationPage.aspx. ---> System.FormatException:
Invalid character in a Base-64 string.

at System.Convert.FromBase64String(String s)

at System.Web.UI.LosFormatter.Deserialize(String input)

at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()

--- End of inner exception stack trace ---

at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()

at System.Web.UI.Page.LoadPageViewState()

at System.Web.UI.Page.ProcessRequestMain()

--- End of inner exception stack trace ---

at System.Web.UI.Page.HandleError(Exception e)

at System.Web.UI.Page.ProcessRequestMain()

at System.Web.UI.Page.ProcessRequest()

at System.Web.UI.Page.ProcessRequest(HttpContext context)

at
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)



Any help would greatly be appreciated.



PaulP

MCP

 

[Guest]

there are two steps to viewstate before its rendered. first its encrypted to
a binary string, then the binary string is converted to safe ascii by base64
encoding (an old e-mail binary encoding format) .

when a postback happen, the base64 string is converted to binary, then is
decrypted. there are two error that can happen with base64 decode

1) invalid char, as the name implies there are only 64 ascii characters in
the set, so a character outside this causes the error.

2) invalid length. due to the encoding method the base64 string len shoudl
be a multiple of three. if not an error occurs.

once decoded its decrypted which has is own set of errors, depending on the
keys used.

base64 error are generally caused by two senerios.

1) a robot/ screen scraper application not handling getting a fresh copy of
viewstate, though this is usually seen as an encryption error.
2) an extra long viewstate getting truncated becuase the application or
proxy truncates it.

-- bruce (sqlwork.com)

 

[Guest]

Bruce,
So from what you said, should I be concerned?

Paul

 

[kaza]

Bruce,
So from what you said, should I be concerned?

Paul













- Show quoted text -

Hi,

i have sam problem in intranet, and I am sure this are nobots or
anything, i know their names. it happens 2-3 times (of 1000 page
views) a day and by resubmitting the page problem disapears,but still
it is quite anoying. do you know have any suggestioins?

ps. it is very regulated corporate enviroment all users have same
browsers (IE6) with same sp and javascript enabled and all are runing
win-xp-sp2


thanks
almir

 

[Dave Bush]

It sounds like the ViewState hash is set to "auto" in the server's
machine.config file. If this is true then you'd get a new key everytime
the app pool recycles.

Fortunately, you should be able to override those values in web.config

Go here and create your machineKey element
http://aspnetresources.com/tools/keycreator.aspx and then place it in
your web.config file inside the <system.web> element that is nested
insite the top level element named <configuration>

If I'm right about the problem, this should fix your issue.

-----Original Message-----
From: kaza [mailto:[email protected]]
Posted At: Saturday, November 03, 2007 4:17 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Invalid_Viewstate exception with Invalid character in a
Base-64 st
Subject: Re: Invalid_Viewstate exception with Invalid character in a
Base-6

Bruce,
So from what you said, should I be concerned?

Paul











System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutio
nSt-ep.Execute()

- Show quoted text -

Hi,

i have sam problem in intranet, and I am sure this are nobots or
anything, i know their names. it happens 2-3 times (of 1000 page
views) a day and by resubmitting the page problem disapears,but still
it is quite anoying. do you know have any suggestioins?

ps. it is very regulated corporate enviroment all users have same
browsers (IE6) with same sp and javascript enabled and all are runing
win-xp-sp2


thanks
almir