如何阻止 ASP.Net 网站在向前/向后浏览项目分页列表时抛出 HttpUnhandledException 异常？

发布于 2024-07-09 20:19:29 字数 2724 浏览 7 评论 0 原文

我有一个 ASP.Net 托管网站，它将结果列表显示为带有结果分页的 DataGrid 或 ASP.Net Repeater。

如果通过按“上一个”/“下一个”选项卡快速滚动页面，有时会抛出 HttpUnhandledException 并呈现调试页面，而不是下一个结果列表。

调试屏幕如下：

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ArgumentException: Invalid postback or callback argument.  Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page.  For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them.  If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
  at System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument)
  at System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument)
  at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
  at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
  at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
  at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  --- End of inner exception stack trace ---
  at System.Web.UI.Page.HandleError(Exception e)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest()
  at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
  at System.Web.UI.Page.ProcessRequest(HttpContext context)
  at ASP.contacts_default_aspx.ProcessRequest(HttpContext context)
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

我在以下位置找到了对此类错误的引用 http://blogs.msdn.com/amitsh/archive/2007/07/31/why-i-get-invalid-postback-or-callback-argument-errors.aspx

但建议的解决方案是设置为 false，但这似乎会造成安全漏洞。这些评论推荐了几种替代方案，但似乎都相当复杂，因为它们需要向我的站点中使用的每个 DataGrid 或 Repeater 控件添加代码。

是否有更通用的解决方案可以在不牺牲安全性的情况下完成？

原文

I have an ASP.Net hosted website which displays a list of results as a DataGrid or ASP.Net Repeater with paging of results.

If one scrolls quickly through the pages by pressing the Previous/Next tabs sometimes an HttpUnhandledException is thrown and the debug page rendered instead of the next listing of results.

The debug screen is as follows:

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ArgumentException: Invalid postback or callback argument.  Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page.  For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them.  If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
  at System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument)
  at System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument)
  at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
  at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
  at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
  at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  --- End of inner exception stack trace ---
  at System.Web.UI.Page.HandleError(Exception e)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest()
  at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
  at System.Web.UI.Page.ProcessRequest(HttpContext context)
  at ASP.contacts_default_aspx.ProcessRequest(HttpContext context)
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I have found reference to such an error at
http://blogs.msdn.com/amitsh/archive/2007/07/31/why-i-get-invalid-postback-or-callback-argument-errors.aspx

but the solution recommended is to set to false, but this seems to create a security hole. The comments recommend several alternatives, but all seem rather complex since they require adding code to every single DataGrid or Repeater control used throughout my site.

Is there a more general solution that can be done without sacrificing security?

分享到QQ

分享到微博