ASP.NET 在處理 HTTP POST 要求時最多只能接受 1,000 個參數,一般來說不會有人透過 POST 傳遞表單資料超過 1,000 個欄位 ( 以筆者的經驗來說,傳過最多的一次是 700 個欄位,當時是個問卷系統 ),如果傳數參數超過 1,000 筆的話,就會出現 Operation is not valid due to the current state of the object. (英文) 或 由於該物件目前的狀態,導致作業無效。 (中文) 例外狀況,細部的例外訊息會有 HttpException (0x80004005): The URL-encoded form data is not valid. (英文) 或 HttpException (0x80004005): URL 編碼型式資料無效。
參考:http://blog.miniasp.com/post/2012/01/01/Efficient-Denial-of-Service-Attacks-on-Web-Application-Platforms.aspx
解:
web.config加下面這個設定
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
</appSettings>
HttpApplication Events:
Application_AcquireRequestState
Occurs when ASP.NET acquires the current state (for example, session state) that is associated with the current request.
Application_AuthenticateRequest
Occurs when a security module has established the identity of the user.
Application_AuthorizeRequest
Occurs when a security module has verified user authorization.
Application_BeginRequest
Occurs as the first event in the HTTP pipeline chain of execution when ASP.NET responds to a request.
Application_Disposed
Adds an event handler to listen to the Disposed event on the application.
Application_EndRequest
Occurs as the last event in the HTTP pipeline chain of execution when ASP.NET responds to a request.
Application_Error
Occurs when an unhandled exception is thrown.
Application_PostAcquireRequestState
Occurs when the request state (for example, session state) that is associated with the current request has been obtained.
Application_PostAuthenticateRequest
Occurs when a security module has established the identity of the user.
Application_PostAuthorizeRequest
Occurs when the user for the current request has been authorized.
Application_PostMapRequestHandler
Occurs when ASP.NET has mapped the current request to the appropriate event handler.
Application_PostReleaseRequestState
Occurs when ASP.NET has completed executing all request event handlers and the request state data has been stored.
Application_PostRequestHandlerExecute
Occurs when the ASP.NET event handler (for example, a page or an XML Web service) finishes execution.
Application_PostResolveRequestCache
Occurs when ASP.NET bypasses execution of the current event handler and allows a caching module to serve a request from the cache.
Application_PostUpdateRequestCache
Occurs when ASP.NET completes updating caching modules and storing responses that are used to serve subsequent requests from the cache.
Application_PreRequestHandlerExecute
Occurs just before ASP.NET begins executing an event handler (for example, a page or an XML Web service).
Application_PreSendRequestContent
Occurs just before ASP.NET sends content to the client.
Application_PreSendRequestHeaders
Occurs just before ASP.NET sends HTTP headers to the client.
Application_ReleaseRequestState
Occurs after ASP.NET finishes executing all request event handlers. This event causes state modules to save the current state data.
Application_ResolveRequestCache
Occurs when ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the event handler (for example, a page or an XML Web service).
Application_UpdateRequestCache
Occurs when ASP.NET finishes executing an event handler in order to let caching modules store responses that will be used to serve subsequent requests from the cache.
Application_Init
This method occurs after _start and is used for initializing code.
Application_Start
As with traditional ASP, used to set up an application environment and only called when the application first starts.
Application_End
Again, like classic ASP, used to clean up variables and memory when an application ends.
Session Events:
Session_Start
As with classic ASP, this event is triggered when any new user accesses the web site.
Session_End
As with classic ASP, this event is triggered when a user's session times out or ends. Note this can be 20 mins (the default session timeout value) after the user actually leaves the site.
Profile Events:
Profile_MigrateAnonymous
Occurs when the anonymous user for a profile logs in.
Passport Events:
PassportAuthentication_OnAuthenticate
Raised during authentication. This is a Global.asax event that must be named PassportAuthentication_OnAuthenticate.
Possibly more events defined in other HttpModules like:
System.Web.Caching.OutputCacheModule
System.Web.SessionState.SessionStateModule
System.Web.Security.WindowsAuthentication
System.Web.Security.FormsAuthenticationModule
System.Web.Security.PassportAuthenticationModule
System.Web.Security.UrlAuthorizationModule
System.Web.Security.FileAuthorizationModule
System.Web.Profile.ProfileModule
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<script type="text/javascript" src="/Scripts/jquery-1.7.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
$(window).bind("paste", function () {
if (event.clipboardData) {
var clipboardData, found;
found = false;
clipboardData = event.clipboardData;
Array.prototype.forEach.call(clipboardData.items, function (item, i) {
if (item.type.indexOf("image") !== -1) {
var blob = clipboardData.items[i].getAsFile();
var URL = window.URL || window.webkitURL;
var source = URL.createObjectURL(blob);
pastedImage = new Image();
pastedImage.src = source;
pastedImage.onload = function () {
var canvas = document.createElement("canvas");
var ctx = canvas.getContext("2d");
canvas.width = pastedImage.width;
canvas.height = pastedImage.height;
ctx.drawImage(pastedImage, 0, 0);
var base64 = canvas.toDataURL();
base64 = base64.substring(base64.indexOf("iVBOR"));
$.ajax({
url: "/API/AddTaskImages.aspx",
async: false,
type: "POST",
data: ({
Image: base64
}),
dataType: "html",
success: function (msg) {
var oRes;
try {
oRes = eval(msg);
}
catch (err) {
alert("無法解析傳回資料 !");
alert(msg);
alert(err);
}
if (oRes.success) {
alert("Upload Success..");
//alert(oRes.msg);
$("#MyImageDataLoadDemo").attr("src", oRes.msg);
} else {
alert(oRes.msg);
}
},
error: function (xhr, ajaxOptions, thrownError) {
alert(xhr.status);
alert(thrownError);
}
})
};
return false;
}
});
}
});
});
</script>
</head>
<body>
<div id="hold">
<div id="imgHold"><img src="" id="MyImageDataLoadDemo"></div>
<div>Click on the area above and ctrl+p an image to paste</div>
</div>
</body>
</html>
Server Side 的程式碼如下:
Partial Class API_AddTaskImages
Inherits System.Web.UI.Page
Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
'DB.sysconfig.Path.TaskAttachment
Dim Base64 As String = Me.Request("Image")
'UW.JSON.WriteErrorMessage(Base64)
'Return
Dim imageBytes As Byte() = Convert.FromBase64String(Me.Request("Image"))
Dim ms As System.IO.MemoryStream = New System.IO.MemoryStream(imageBytes, 0, imageBytes.Length)
ms.Write(imageBytes, 0, imageBytes.Length)
Dim image As System.Drawing.Image = System.Drawing.Image.FromStream(ms, True)
Dim map As Bitmap
Dim Filename As String = Now.ToString("yyyyMMddHHmmssfff") & ".png"
Try
System.IO.Directory.CreateDirectory(DB.sysconfig.Path.TaskAttachment & "UploadImages")
image.Save(DB.sysconfig.Path.TaskAttachment & "UploadImages\" & Filename, System.Drawing.Imaging.ImageFormat.Png)
UW.JSON.WriteSuccessMessage(DB.sysconfig.URL.TaskAttachment & "UploadImages/" & Filename)
Catch ex As Exception
UW.JSON.WriteErrorMessage(ex.ToString)
End Try
End Sub
End Class
我是用此工具轉
http://www.developerfusion.com/tools/convert/vb-to-csharp/
轉換後,放到visual studio還是有很多毛毛蟲
整理一些問題, 希望能減少轉換上的困難
另外所有的 server control 的 On Event 所執行的function name (例如 Button 的 OnClick) 都要在 aspx 裡面設定
(這部分會在後台程式發生,因為轉換後常忘了加)
9. vbCrLf -> "\r\n"
vbTab -> "\t"
10. VB function 轉換
Conversion.Fix -> Math.Floor
Strings.Format(x, "###0.0") -> 用 x.ToString("N1");
11. EN 處理要多加注意,需額外加 (int) 才會顯示數值,很多 sql 指令這樣拼要小心
" where EN_產品性質 = " + SHOPUNT.EN.產品性質.非成品 ; -> where EN_產品性質 = 非成品 (會出錯)
" where EN_產品性質 = " + (int)SHOPUNT.EN.產品性質.非成品; -> where EN_產品性質 = 100
先整理這些 以後遇到再加上
※修改主目錄web.config
刪除(紅字)
*<compilation debug="true" targetFramework="4.0">
*<httpRuntime maxRequestLength="102400" requestValidationMode="2.0"></httpRuntime>
※修改虛擬目錄web.config
加上<remove assembly="...." />
1.如果网站程序不需要ASP.NET 4.0 的支持,那么可以直接配置网站使用ASP.NET 2.0。
2.如果网站程序需要ASP.NET 4.0的支持,就需要将该网站下使用ASP.NET 2.0的虚拟目录移动到其他网站。
3.如果上面两种方法都不适用于你的实际情况,那么就只能用这种方法了:
打开注册表找到“HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\ASP.NET\\4.0.30319.0”
添加键值名为“EnableExtensionlessUrls” 类型为“DWORD”的键值
并设置值为"0"
然后在cmd中运行“IISRESET”,重启IIS以读取注册表修改后的内容。
(重啟該應用程式集區即可):
注:此项修改就是关闭ASP.NET 4.0对无扩展URL的处理,若将此项键值设为“1”则开启。
參考:http://www.webjx.com/aspnet/2011-04-02/29024.html
A potentially dangerous Request.Form value was detected from the client (ContentBody_txtContent="<style type="text/cs...").
.aspx新增了<%@ Page validateRequest="false"%>
最後找到還需要在web.config裡面新增<httpRuntime requestValidationMode="2.0" />
相關專案: SINGTEX
[InvalidOperationException: 由於該物件目前的狀態,導致作業無效。]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148
[HttpException (0x80004005): URL 編碼型式資料無效。]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133
Error Msg:
若你的 Web 應用程式真的會傳遞超過 1,000 個欄位時,這個預設值也是可以設定的,請修改網站根目錄下的 web.config 檔,並在
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="2500" />
</appSettings>
http://blog.miniasp.com/post/2012/01/01/Efficient-Denial-of-Service-Attacks-on-Web-Application-Platforms.aspx