I have a problem with my application which happens only once it is deployed

Question

0

Asked: May 28, 20262026-05-28T18:43:27+00:00 2026-05-28T18:43:27+00:00

I have a problem with my application which happens only once it is deployed

0

I have a problem with my application which happens only once it is deployed on publication server. My app returns errors System.Web.HttpException invalid request on Webresource.axd
The requested WebResource URL by the clients is for exemple : (ignore the ** and * they are used to seperate part of the url)

WebResource.axd?d=PLZ1f5srE_3_5bqe5SNJORbrjr9bvaTarv3MMKJi1fn**GsDQLshr2sDQLshrmsDQLshrWsDQLshrGsDQLshq2sDQLshumvDQL72ZKbBQK5zYfpBAK5zZuMAwLEytPECwLbo5IqArrNo5oDAsbKp5sDAsbK66oFArnN28ILArnNj9UCAsfK8/UJAqTNm4oJAv2jypsOAvCjpoIOAsbK/6EDArnN254FAsbKh70KAqTNg7wKAqTNw84NAsTKm9ACAsbK8/UJAtyj+uUHAsfKz+cEArnNg+gEAqTN1+UEArnNv78KAsfK560FArrNg7wKArnNr5kDAqTNr5kDAsbKo5oDAsfKm9ACAv2jpoIOAsfK6/cJArnN0+QEArnN560FArnN08QLAv2jzpgOAsbK5/YJAqTN28ILAsbKo+AEAqTNk9ICArnN350DAsbKm9ACAsbK44kJAqfNn4sJArnNs4YDArnN76sFArjNl9MCAsbK6/cJArnN7/QJAqTN0/0JAsbKi7oKAqfNm4oJAv2j+uUHAsfKi7oKArnN44kJArnNu74KAsbKi9QCArnN5/YJAqTNz+cEArnNm4oJAsbKt4cDAsTK5/YJArnNh70KArnNp8ELArnNt4cDArnNn9ECAtrKm9ACAsbKj9UCArnNn4sJAsbK7/QJArnNi9QCArnNy8wNAsTK+8ANAsbKs4YDAqTNi9QCAsfKk9ICArnNl9MCAvqjpoIOArnNo+AEArnNs7AKArnN0/0JAsfKo5oDAsbK/8ENAsfK08QLAsbKk9ICAsbK0+QEAr3Nl9MCAsbK3+MEAsfK+8ANAsbK+8ANArnNg7wKAt3Km9ACArnN/8YCArnN3+MEArnNq5gDAvujpoIOArnNi7oKAsfK5/YJArnNk9ICArnN/8ENAqfNo5oDArnNz+cEArrN560FArnNr7UMAt3K5/YJAsfK3+MEAqTN/6EDArrN/6EDAtyjkioCp83nrQUCxMqLugoCuc3Dzg0CpM3TxAsCp82DvAoCxsqf0QICvc3nrQUC26PmzggCpM3L5gQCpM2fiwkCp83/oQMCpM2jmgMCuc23sQoCuc2H1wICxMrr9wkCuc3rowoCuc3r9wkCus2X0wICp82X0wICuc3z9QkCuc2jmgMCuc37lgUCx8qHvQoCp83P5wQCuc3voAoCuc2b0AICxsrTxAsCxMqjmgMCpM2X0wIC3crr9wkCus23sQoCxsrP5wQCxsrnrQUC26P65QcCuc37wA0Cuc3/oQMCpM37wA0Cp823sQoCuc2XjwMCuc3rqgUCpM3nrQUCuc3X+gkCuc3PzQ0C/aOGig4Cuc2HyQsCxsq7vgoCuc3X5QQC+qPKmw4Cuc2nmwMCuc3L5gQCuc2zsgwCxsq3sQoC/aPmzggCpM23sQoCuc3DxwIC3KPmzggCh+rGqAgChKbr/g4*keCbLSNH7D5G4o/WMirW0wCCoaA==

So two thing hit me right away :

The missing &t= at the end for the assembly timestamp
There are “/” and “+” which does not seem to be usually found in encrypted url

I ran the application on my side of course everything works fine for me… but I noticed in my source file that parts of what I see in the clients error can be found in my html :

<script src="/WebResource.axd?d=**PLZ1f5srE_3_5bqe5SNJORbrjr9bvaTarv3MMKJi1fn**NUlSwWXFIxNUWR37nSX-uEeFiuIaj75QpNoWiMNuwvLvtF14FC7RJnWXlWsiRGRTxygC60zWpEKm8nsH2W5C_3w9fBgmsUvMtxxfwjQB23ipcHaCWFd_wvS5QWc5bgmPzUpNNF-gwwdthk8-NKZOJKbUxQg2&amp;amp;t=634601510084481499" type="text/javascript"></script> 

<!-- SOME MORE CODE -->

<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEW5wECuIuguQEC3LnYqw4C+MDh9AEClczxhwICjKHu/A4CovL+qwgC5oaBuAgCip7jrAkC2OrW4wICkIaEvAsC5e+IZQLOjIDvBwLqgKKLDALrgKKLDALogKKLDALpgKKLDALugKKLDALvgKKLDALsgKKLDAL9gKKLDALygKKLDALqgOKIDALqgO6IDALqgOqIDALqgNaIDALqgNKIDALqgN6IDALqgNqIDALqgMaIDALqgIKLDALqgI6LDALj6ePBAQLj6ePBAQLzhoWsDQLzhoGsDQLzhr2sDQLzhrmsDQLzhrWsDQLzhrGsDQLzhq2sDQLzhumvDQLzhuWvDQLshomsDQLshoWsDQLshoGsDQLshr2sDQLshrmsDQLshrWsDQLshrGsDQLshq2sDQLshumvDQL72ZKbBQK5zYfpBAK5zZuMAwLEytPECwLbo5IqArrNo5oDAsbKp5sDAsbK66oFArnN28ILArnNj9UCAsfK8/UJAqTNm4oJAv2jypsOAvCjpoIOAsbK/6EDArnN254FAsbKh70KAqTNg7wKAqTNw84NAsTKm9ACAsbK8/UJAtyj+uUHAsfKz+cEArnNg+gEAqTN1+UEArnNv78KAsfK560FArrNg7wKArnNr5kDAqTNr5kDAsbKo5oDAsfKm9ACAv2jpoIOAsfK6/cJArnN0+QEArnN560FArnN08QLAv2jzpgOAsbK5/YJAqTN28ILAsbKo+AEAqTNk9ICArnN350DAsbKm9ACAsbK44kJAqfNn4sJArnNs4YDArnN76sFArjNl9MCAsbK6/cJArnN7/QJAqTN0/0JAsbKi7oKAqfNm4oJAv2j+uUHAsfKi7oKArnN44kJArnNu74KAsbKi9QCArnN5/YJAqTNz+cEArnNm4oJAsbKt4cDAsTK5/YJArnNh70KArnNp8ELArnNt4cDArnNn9ECAtrKm9ACAsbKj9UCArnNn4sJAsbK7/QJArnNi9QCArnNy8wNAsTK+8ANAsbKs4YDAqTNi9QCAsfKk9ICArnNl9MCAvqjpoIOArnNo+AEArnNs7AKArnN0/0JAsfKo5oDAsbK/8ENAsfK08QLAsbKk9ICAsbK0+QEAr3Nl9MCAsbK3+MEAsfK+8ANAsbK+8ANArnNg7wKAt3Km9ACArnN/8YCArnN3+MEArnNq5gDAvujpoIOArnNi7oKAsfK5/YJArnNk9ICArnN/8ENAqfNo5oDArnNz+cEArrN560FArnNr7UMAt3K5/YJAsfK3+MEAqTN/6EDArrN/6EDAtyjkioCp83nrQUCxMqLugoCuc3Dzg0CpM3TxAsCp82DvAoCxsqf0QICvc3nrQUC26PmzggCpM3L5gQCpM2fiwkCp83/oQMCpM2jmgMCuc23sQoCuc2H1wICxMrr9wkCuc3rowoCuc3r9wkCus2X0wICp82X0wICuc3z9QkCuc2jmgMCuc37lgUCx8qHvQoCp83P5wQCuc3voAoCuc2b0AICxsrTxAsCxMqjmgMCpM2X0wIC3crr9wkCus23sQoCxsrP5wQCxsrnrQUC26P65QcCuc37wA0Cuc3/oQMCpM37wA0Cp823sQoCuc2XjwMCuc3rqgUCpM3nrQUCuc3X+gkCuc3PzQ0C/aOGig4Cuc2HyQsCxsq7vgoCuc3X5QQC+qPKmw4Cuc2nmwMCuc3L5gQCuc2zsgwCxsq3sQoC/aPmzggCpM23sQoCuc3DxwIC3KPmzggCh+rGqAgChKbr/g4ClPD6xgsCr/L07wkC7tqwgwUCtL2fYQLw0+rVBQKSg7DZBwL3teCNBAL3tZyNBAL3tYiNBALHpriBCAKahuPBAV+BOBC5oXM0AZHQT+bmVMUgNw6K" />

Notice the first part of the “bad URL” :

PLZ1f5srE_3_5bqe5SNJORbrjr9bvaTarv3MMKJi1fn

Can be found in the script tag of my HTML
and the second part of the bad URL :

GsDQLshr2sDQLshrmsDQLshrWsDQLshrGsDQLshq2sDQLshumvDQL72ZKbBQK5zYfpBAK5zZuMAwLEytPECwLbo5IqArrNo5oDAsbKp5sDAsbK66oFArnN28ILArnNj9UCAsfK8/UJAqTNm4oJAv2jypsOAvCjpoIOAsbK/6EDArnN254FAsbKh70KAqTNg7wKAqTNw84NAsTKm9ACAsbK8/UJAtyj+uUHAsfKz+cEArnNg+gEAqTN1+UEArnNv78KAsfK560FArrNg7wKArnNr5kDAqTNr5kDAsbKo5oDAsfKm9ACAv2jpoIOAsfK6/cJArnN0+QEArnN560FArnN08QLAv2jzpgOAsbK5/YJAqTN28ILAsbKo+AEAqTNk9ICArnN350DAsbKm9ACAsbK44kJAqfNn4sJArnNs4YDArnN76sFArjNl9MCAsbK6/cJArnN7/QJAqTN0/0JAsbKi7oKAqfNm4oJAv2j+uUHAsfKi7oKArnN44kJArnNu74KAsbKi9QCArnN5/YJAqTNz+cEArnNm4oJAsbKt4cDAsTK5/YJArnNh70KArnNp8ELArnNt4cDArnNn9ECAtrKm9ACAsbKj9UCArnNn4sJAsbK7/QJArnNi9QCArnNy8wNAsTK+8ANAsbKs4YDAqTNi9QCAsfKk9ICArnNl9MCAvqjpoIOArnNo+AEArnNs7AKArnN0/0JAsfKo5oDAsbK/8ENAsfK08QLAsbKk9ICAsbK0+QEAr3Nl9MCAsbK3+MEAsfK+8ANAsbK+8ANArnNg7wKAt3Km9ACArnN/8YCArnN3+MEArnNq5gDAvujpoIOArnNi7oKAsfK5/YJArnNk9ICArnN/8ENAqfNo5oDArnNz+cEArrN560FArnNr7UMAt3K5/YJAsfK3+MEAqTN/6EDArrN/6EDAtyjkioCp83nrQUCxMqLugoCuc3Dzg0CpM3TxAsCp82DvAoCxsqf0QICvc3nrQUC26PmzggCpM3L5gQCpM2fiwkCp83/oQMCpM2jmgMCuc23sQoCuc2H1wICxMrr9wkCuc3rowoCuc3r9wkCus2X0wICp82X0wICuc3z9QkCuc2jmgMCuc37lgUCx8qHvQoCp83P5wQCuc3voAoCuc2b0AICxsrTxAsCxMqjmgMCpM2X0wIC3crr9wkCus23sQoCxsrP5wQCxsrnrQUC26P65QcCuc37wA0Cuc3/oQMCpM37wA0Cp823sQoCuc2XjwMCuc3rqgUCpM3nrQUCuc3X+gkCuc3PzQ0C/aOGig4Cuc2HyQsCxsq7vgoCuc3X5QQC+qPKmw4Cuc2nmwMCuc3L5gQCuc2zsgwCxsq3sQoC/aPmzggCpM23sQoCuc3DxwIC3KPmzggCh+rGqAgChKbr/g4

Can be found in the input tag of my html.

So anyway I guess the client receive html code that has been corrupted / cut off I don’t know or mixed up with another request. Could also be that production is on iis 6 while developement is on iis 7. Production server is also using SSL so not sure if this could interfere. Could it be the Server.Transfer in my code?

Can anyone help me with this?

Thanks a lot!