Unexpected: Throw If Max Http Collection Keys Exceeded

Add a comment April 24th, 2012

On Dec 29, 2011, Microsoft released a security update KB2656356 / MS11-100 (http://technet.microsoft.com/en-us/security/bulletin/ms11-100) for ASP.NET to address a potential Denial of Service vulnerability.

In the update, they introduced a limit to the number of data elements on an ASP.NET form.   The default limit is 1000 data elements which can be easily met by complex 3rd party or custom webparts

Exceeding the limit will cause a ThrowIfMaxHttpCollectionKeysExceeded error.

After applying the patch, forms that exceed the limit will generate the following error (in ULS Log) attempting to configure/manipulate the webparts attributes :

System.Web.HttpException: The URL-encoded form data is not valid. —> System.InvalidOperationException: Operation is not valid due to the current state of the object.

at System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded()

at System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding)

at System.Web.HttpRequest.FillInFormCollection()

Add the following to the web.config of all web front end servers in your farm:

<appsettings>

<add key=”aspnet:MaxHttpCollectionKeys” value=”10000″></add>

[</appsettings>

After the above is added, your various webparts should begin functioning normally.

  1. No comments yet.Be the first ?
  1. |
    March 26th, 2016 at 15:18 | #1

    Free Acne Solution

    Unexpected: Throw If Max Http Collection Keys Exceeded – SHAREPOINTADVICEdotNET

Comments feed