views:

2064

answers:

1

Hi, I have an ASP.Net hosted website which displays a list of results as a DataGrid or ASP.Net Repeater with paging of results.

If one scrolls quickly through the pages by pressing the Previous/Next tabs sometimes an HttpUnhandledException is thrown and the debug page rendered instead of the next listing of results.

The debug screen is as follows:

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ArgumentException: Invalid postback or callback argument.  Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page.  For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them.  If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
  at System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument)
  at System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument)
  at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
  at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
  at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
  at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  --- End of inner exception stack trace ---
  at System.Web.UI.Page.HandleError(Exception e)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest()
  at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
  at System.Web.UI.Page.ProcessRequest(HttpContext context)
  at ASP.contacts_default_aspx.ProcessRequest(HttpContext context)
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I have found reference to such an error at http://blogs.msdn.com/amitsh/archive/2007/07/31/why-i-get-invalid-postback-or-callback-argument-errors.aspx

but the solution recommended is to set to false, but this seems to create a security hole. The comments recommend several alternatives, but all seem rather complex since they require adding code to every single DataGrid or Repeater control used throughout my site.

Is there a more general solution that can be done without sacrificing security?

+3  A: 

The hidden fields on your page are not being supplied on postback. There are several of these fields, and they are usually required for the 'magic' that ASP.Net provides.

In your page directive you can put enableEventValidation=false in your page directive to turn it off, however that may not be desirable.

You can move the write code to move the elements to the top of the page

Finally, I am fairly certain this exact issue was recently fixed in a Service Pack or in 3.5.

-- EDIT --

I just found the setting: RenderAllHiddenFieldsAtTopOfForm

According to MSDN is supported in the following versions: 3.5 SP1, 3.0 SP2, 2.0 SP2

Brian Schmitt