Don't panic!

Cry about...
MS-Windows Troubleshooting

Server Error in Application ... Operation is not valid due to the current state of the object

Symptom

When a web form with a large number of data-entry controls is posted back to the server the following error is generated in the browser:

Server Error in '/www...' Application.

Operation is not valid due to the current state of the object.

Exception Details: System.InvalidOperationException: Operation is not valid due to the current state of the object.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2420862
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +58
System.Web.HttpRequest.FillInFormCollection() +159

[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +217
System.Web.HttpRequest.get_Form() +104
System.Web.HttpRequest.get_HasForm() +9038959
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +135

The same information will also be recorded in the Application event log.

An annoying thing about this error is that it may be generated on a website which once worked perfectly well.

One of the key items to note is the the part of the stack trace "HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded" as that is the underlying cause of this error.

Cause

In January 2012 Microsoft released a security update (MS11-100) for the .NET framework. This security update limits the number of items which may be posted back in an HTTP request. This change is to address a one possible denial of service attack.

The default limit for the number of items which may now be posted back in an HTTP request is 1000. Go above this and the above exception will be thrown.

Remedy

The remedy is to increase the number of items which can be included in a post-back. This is done by adding the following entry to the web.config file:

<add key="aspnet:MaxHttpCollectionKeys" value="2000" />

This line goes in the <appSettings> element (which in turn is in the <configuration> element) in the web.config file. The above line increases the limit to 2000, you may need to set it higher if you have many controls on a form.

These notes have been tested within Microsoft Visual Studio .NET 2008 targetting the .NET 4 framework, running under Windows Vista and Windows 2008, and may apply to other versions as well.

About the author: is a dedicated software developer and webmaster. For his day job he develops websites and desktop applications as well as providing IT services. He moonlights as a technical author and consultant.