Fsking ASP.NET!
-
OK, this is almost certainly my own damn fault, but I prefer to blame Microsoft. :)
I'm playing around with some of the new features of ASP.NET 4.5 on my local Win7/x64 box. One of the features I wanted to try was the build-in support for using the AntiXssEncoder[^] for any calls to HttpUtility.HtmlEncode[^]; this will replace my existing
HttpEncoderclass. I updated thehttpRuntimeelement in myweb.config:<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web" />
and launched the test site. Imagine my surprise when, instead of a nice web-page, I got a modal error dialog telling me that
w3wp.exehas crashed inkernelbase.dll! Trying to debug the error with Visual Studio produces, after ten minutes of downloading symbols, a great big pile of assembly code. Eventually, after digging through the event log, I found the problem: theencoderTypeattribute needs to be set toSystem.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a- obvious, really! The event log entries:- ASP.NET 4.0.30319.0 - Warning Exception type: ConfigurationErrorsException Exception message: Could not load file or assembly 'System.Web' or one of its dependencies. The system cannot find the file specified.
- ASP.NET 4.0.30319.0 - Error An unhandled exception occurred and the process was terminated.
- Application Error - Error Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7afa2 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b Exception code: 0xe0434352 Fault offset: 0x0000000000009e5d
It seems that this error occurs at a point in the pipeline where ASP.NET can't recover, so it crashes the process instead. Which is good, in that it prevents the application from running in an unknown state. But it's also a pain in the arse to try to debug!
-
OK, this is almost certainly my own damn fault, but I prefer to blame Microsoft. :)
I'm playing around with some of the new features of ASP.NET 4.5 on my local Win7/x64 box. One of the features I wanted to try was the build-in support for using the AntiXssEncoder[^] for any calls to HttpUtility.HtmlEncode[^]; this will replace my existing
HttpEncoderclass. I updated thehttpRuntimeelement in myweb.config:<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web" />
and launched the test site. Imagine my surprise when, instead of a nice web-page, I got a modal error dialog telling me that
w3wp.exehas crashed inkernelbase.dll! Trying to debug the error with Visual Studio produces, after ten minutes of downloading symbols, a great big pile of assembly code. Eventually, after digging through the event log, I found the problem: theencoderTypeattribute needs to be set toSystem.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a- obvious, really! The event log entries:- ASP.NET 4.0.30319.0 - Warning Exception type: ConfigurationErrorsException Exception message: Could not load file or assembly 'System.Web' or one of its dependencies. The system cannot find the file specified.
- ASP.NET 4.0.30319.0 - Error An unhandled exception occurred and the process was terminated.
- Application Error - Error Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7afa2 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b Exception code: 0xe0434352 Fault offset: 0x0000000000009e5d
It seems that this error occurs at a point in the pipeline where ASP.NET can't recover, so it crashes the process instead. Which is good, in that it prevents the application from running in an unknown state. But it's also a pain in the arse to try to debug!
Oh yes, configuration is often a PITA. Why is just a
<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder"/>not enough? OK, it could be in some obscurely named dll. But why then is it so absolutely necessary to insist in a particular version, culture, and even PublicKeyToken? -
Oh yes, configuration is often a PITA. Why is just a
<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder"/>not enough? OK, it could be in some obscurely named dll. But why then is it so absolutely necessary to insist in a particular version, culture, and even PublicKeyToken?Bernhard Hiller wrote:
But why then is it so absolutely necessary to insist in a particular version, culture, and even PublicKeyToken?
because the assembly is signed? http://msdn.microsoft.com/en-us/library/wd40t7ad.aspx[^] the runtime is just trying to ensure you load what you expect.
I'm brazilian and english (well, human languages in general) aren't my best skill, so, sorry by my english. (if you want we can speak in C# or VB.Net =p) "Given the chance I'd rather work smart than work hard." - PHS241 "'Sophisticated platform' typically means 'I have no idea how it works.'"
