Ketone Cops

August 19, 2008

Invalid character in a Base-64 string (ASP.NET)

Filed under: ASP.NET 2.0,programming — delroger @ 11:16 am

Just came across a very peculiar problem with a website I’m developing. Some visitors to the website hit an error every time they click one of the controls on a particular page; the page loads fine the first time, but any sort of postback triggers the error. The message is:

Invalid character in a Base-64 string

and the stack trace is:

at System.Convert.FromBase64String(String s) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) at System.Web.UI.HiddenFieldPageStatePersister.Load()

The problem seems to be with the ViewState. The ViewState is encrypted, and when an attempt is made to decrypt it on postback, the error is triggered.  The solution is actually quite simple: in the web.config file, set the ViewState not to be encrypted, like this:

 <pages viewStateEncryptionMode=”Never”>


OK, the error is no longer produced, but why is it there in the first place?  The page works perfectly well for some visitors, but not others – and that’s when the setup is exactly the same (Windows XP, IE 7) and the same requests are going to the server.  So what’s in the ViewState for different users that is creating the problem?  Still trying to find out…

As an addendum to this post one week on, I did work out why the encryption of the ViewState was a problem.  There was quite a lot of data being stored in the ViewState: above a certain length the ViewState decryption cuts off, and therefore the string doesn’t appear like a valid one for decryption.  You can solve this by splitting the ViewState into several sections using the MaxPageStateFieldLength in the pages tag in web.config – see this post for instance:

Therefore, if you want to maintain encryption on your ViewState, that’s a slightly better solution for you. Personally, I’m not convinced it matters greatly since if someone wants to decrypt your ViewState, it is trivial enough to do anyhow (see here for instance).


  1. […] related posts to each other, I think I may have found a potential solution to this issue here: Invalid character in a Base-64 string (ASP.NET) The problem seems to be with the ViewState. The ViewState is encrypted, and when an attempt is made […]

    Pingback by Regarding Base-64: Trying to solve an ASP.NET issue… « Williamo’s Blog. — August 27, 2008 @ 12:39 am

  2. This is awesome !!! Good work

    Comment by al-Mudura — February 6, 2009 @ 1:28 pm

  3. I have a lot of this errors when I use AJAX autoextender control. I’ll let you know if this fix the issues.

    Comment by TV watcher — May 25, 2009 @ 5:15 pm

  4. Hi when I encrypr no like ‘1006’ when number 6 is come then give error my when dycrypt using

    byte[] bytes = Convert.FromBase64String(StrData);
    my Decrypt String Like L7tqus 8q 30jktG awCQw==

    Comment by kirti — June 25, 2009 @ 5:25 am

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at

%d bloggers like this: