Why do I get a TypeInitializationException when calling HtmlHelper.AntiForgeryToken?

2
votes

Preamble

I've searched to see if I can find this question anywhere on here and I can't. I previously asked on meta if it would be valid to report the bug on SO.

The consensus was that I should report the bug at the source and if I was feeling community minded, perhaps to ask and answer the question on SO so that other people might come across it. So here I go doing my community bit.

The problem

I have an MVC view which calls Html.AntiForgeryToken which throws a TypeInitializationException in FormatterGenerator. The stack trace is as follows (apologies for the scroll bar):

The virtual path '[path]' maps to another application, which is not allowed

[ArgumentException: The virtual path '/Asp%20Net%20Bug%202008/Account/Register' maps to another application, which is not allowed.]
   System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath, Boolean permitPathsOutsideApp) +11193138
   System.Web.HttpContext.GetFilePathData() +61
   System.Web.Configuration.HttpCapabilitiesBase.GetBrowserCapabilities(HttpRequest request) +124
   System.Web.HttpRequest.get_Browser() +168
   System.Web.UI.Page.SetIntrinsics(HttpContext context, Boolean allowAsync) +207
   System.Web.UI.Page.ProcessRequest(HttpContext context) +232
   System.Web.Mvc.TokenPersister.CreateFormatterGenerator() +459
   System.Web.Mvc.FormatterGenerator..cctor() +10

[TypeInitializationException: The type initializer for 'FormatterGenerator' threw an exception.]
   System.Web.Mvc.AntiForgeryDataSerializer.get_Formatter() +38
   System.Web.Mvc.AntiForgeryDataSerializer.Serialize(AntiForgeryData token) +181
   System.Web.Mvc.HtmlHelper.GetAntiForgeryTokenAndSetCookie(String salt, String domain, String path) +405
   System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path) +13
   System.Web.Mvc.HtmlHelper.AntiForgeryToken() +17
   ASP.views_account_register_aspx.__RenderregisterContent(HtmlTextWriter __w, Control parameterContainer) in c:\Users\andras.zoltan\documents\visual studio 2008\projects\aspnetbug2008\aspnetbug2008\Views\Account\Register.aspx:17
   System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +115
   ASP.views_shared_site_master.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in c:\Users\andras.zoltan\documents\visual studio 2008\projects\aspnetbug2008\aspnetbug2008\Views\Shared\Site.Master:26
   System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +115
   System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +240
   System.Web.UI.Page.Render(HtmlTextWriter writer) +38
   System.Web.Mvc.ViewPage.Render(HtmlTextWriter writer) +89
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4240

Even stranger is that a colleague doesn't get this problem when they load up the project and run.

My environment is VS2008, and IIS7.5; this is an MVC2 project.

1
c#asp.net-mvcasp.net-mvc-2

1 Answers

4
votes

This is a bug in Asp.Net Mvc (definitely 2, probably 1 as well) which I have blogged about here (if you get an error when my blog opens - just refresh!), and I have reported to the MVC team here.

If the web application is hosted inside a virtual directory that contains spaces, then the internal mechanism that MVC uses to generate a data serializer for the anti forgery token fails to work. It uses a fake Asp.Net page request, but something about the way it fakes the request causes URL validation to fail and incorrectly identifies the URL as being outside the current application.

The current workaround is to remove the spaces from the application's directory name - hyphens are a good choice. I believe that any characters that require URL-encoding in the path might be a problem.

The reason why you might get this error and a colleague won't is if in your web project you allow each developer to have their own web binding. The default for web projects will be to use Cassini - which, of course, will not have this issue.