What causing this “Invalid length for a Base-64 char array”

I have very little to go on here. I can’t reproduce this locally, but when users get the error I get an automatic email exception notification:

Invalid length for a Base-64 char array.

  at System.Convert.FromBase64String(String s)
  at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
  at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState)
  at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState)
  at System.Web.UI.HiddenFieldPageStatePersister.Load()

I’m inclined to think there is a problem with data that is being assigned to viewstate.
For example:

List<int> SelectedActionIDList = GetSelectedActionIDList();
ViewState["_SelectedActionIDList"] = SelectedActionIDList;

It’s difficult to guess the source of the error without being able to reproduce the error locally.

If anyone has had any experience with this error, I would really like to know what you found out.


Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

After urlDecode processes the text, it replaces all ‘+’ chars with ‘ ‘ … thus the error. You should simply call this statement to make it base 64 compatible again:

        sEncryptedString = sEncryptedString.Replace(' ', '+');

Method 2

I’ve seen this error caused by the combination of good sized viewstate and over aggressive content-filtering devices/firewalls (especially when dealing with K-12 Educational institutions).

We worked around it by storing Viewstate in SQL Server. Before going that route, I would recommend trying to limit your use of viewstate by not storing anything large in it and turning it off for all controls which do not need it.

References for storing ViewState in SQL Server:
MSDN – Overview of PageStatePersister
ASP Alliance – Simple method to store viewstate in SQL Server
Code Project – ViewState Provider Model

Method 3

My guess is that something is either encoding or decoding too often – or that you’ve got text with multiple lines in.

Base64 strings have to be a multiple of 4 characters in length – every 4 characters represents 3 bytes of input data. Somehow, the view state data being passed back by ASP.NET is corrupted – the length isn’t a multiple of 4.

Do you log the user agent when this occurs? I wonder whether it’s a badly-behaved browser somewhere… another possibility is that there’s a proxy doing naughty things. Likewise try to log the content length of the request, so you can see whether it only happens for large requests.

Method 4

Try this:

public string EncodeBase64(string data)
    string s = data.Trim().Replace(" ", "+");
    if (s.Length % 4 > 0)
        s = s.PadRight(s.Length + 4 - s.Length % 4, '=');
    return Encoding.UTF8.GetString(Convert.FromBase64String(s));

Method 5

int len = qs.Length % 4;
            if (len > 0) qs = qs.PadRight(qs.Length + (4 - len), '=');

where qs is any base64 encoded string

Method 6

As others have mentioned this can be caused when some firewalls and proxies prevent access to pages containing a large amount of ViewState data.

ASP.NET 2.0 introduced the ViewState Chunking mechanism which breaks the ViewState up into manageable chunks, allowing the ViewState to pass through the proxy / firewall without issue.

To enable this feature simply add the following line to your web.config file.

<pages maxPageStateFieldLength="4000">

This should not be used as an alternative to reducing your ViewState size but it can be an effective backstop against the “Invalid length for a Base-64 char array” error resulting from aggressive proxies and the like.

Method 7

This isn’t an answer, sadly. After running into the intermittent error for some time and finally being annoyed enough to try to fix it, I have yet to find a fix. I have, however, determined a recipe for reproducing my problem, which might help others.

In my case it is SOLELY a localhost problem, on my dev machine that also has the app’s DB. It’s a .NET 2.0 app I’m editing with VS2005. The Win7 64 bit machine also has VS2008 and .NET 3.5 installed.

Here’s what will generate the error, from a variety of forms:

  1. Load a fresh copy of the form.
  2. Enter some data, and/or postback with any of the form’s controls. As long as there is no significant delay, repeat all you like, and no errors occur.
  3. Wait a little while (1 or 2 minutes maybe, not more than 5), and try another postback.

A minute or two delay “waiting for localhost” and then “Connection was reset” by the browser, and global.asax‘s application error trap logs:

Application_Error event: Invalid length for a Base-64 char array.
Stack Trace:
     at System.Convert.FromBase64String(String s)
     at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
     at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState)
     at System.Web.UI.HiddenFieldPageStatePersister.Load()

In this case, it is not the SIZE of the viewstate, but something to do with page and/or viewstate caching that seems to be biting me. Setting <pages> parameters enableEventValidation="false", and viewStateEncryption="Never" in the Web.config did not change the behavior. Neither did setting the maxPageStateFieldLength to something modest.

Method 8

Take a look at your HttpHandlers. I’ve been noticing some weird and completely random errors over the past few months after I implemented a compression tool (RadCompression from Telerik). I was noticing errors like:

  • System.Web.HttpException: Unable to validate data.
  • System.Web.HttpException: The client disconnected.—> System.Web.UI.ViewStateException: Invalid viewstate.


  • System.FormatException: Invalid length for a Base-64 char array.
  • System.Web.HttpException: The client disconnected. —> System.Web.UI.ViewStateException: Invalid viewstate.

I wrote about this on my blog.

Method 9

This is because of a huge view state, In my case I got lucky since I was not using the viewstate. I just added enableviewstate="false" on the form tag and view state went from 35k to 100 chars

Method 10

During initial testing for Membership.ValidateUser with a SqlMembershipProvider, I use a hash (SHA1) algorithm combined with a salt, and, if I changed the salt length to a length not divisible by four, I received this error.

I have not tried any of the fixes above, but if the salt is being altered, this may help someone pinpoint that as the source of this particular error.

Method 11

As Jon Skeet said, the string must be multiple of 4 bytes. But I was still getting the error.

At least it got removed in debug mode. Put a break point on Convert.FromBase64String() then step through the code. Miraculously, the error disappeared for me 🙂 It is probably related to View states and similar other issues as others have reported.

Method 12

In addition to @jalchr’s solution that helped me, I found that when calling ATL::Base64Encode from a c++ application to encode the content you pass to an ASP.NET webservice, you need something else, too. In addition to

sEncryptedString = sEncryptedString.Replace(' ', '+');

from @jalchr’s solution, you also need to ensure that you do not use the ATL_BASE64_FLAG_NOPAD flag on ATL::Base64Encode:

 BOOL bEncoded = Base64Encode(lpBuffer,

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x