ASP.NET HTML Form Failure

We've just brought up a new ASP.NET page that is showing a strange error. The error shows up in the next page as if the data isn't in the form. When the user goes back and refreshes the page and resubmits the form it works just fine.

A little background, this source is being served up from a virtual directory for 8 web servers with a load balancer and IIS-6. The version of VB.NET is 2005. The problem appears to be browser independent (It happens on both IE & Firefox). The form objects are pure HTML because they are entirely dynamically generated and formatted based on the answers from the previous pages and this is a conversion from ASP.

A stub of the form with the failing objects is as follows:

<FORM ACTION="NextPage.aspx" METHOD="post" ID="frmAddComments" NAME="frmAddComments">
    <SELECT NAME="SubReason1" ID="SubReason1">
        <OPTION VALUE="">Select A Reason For This Return</OPTION>
        <OPTION VALUE="BP11">Arrived Defective</OPTION>
        <OPTION VALUE="BP12">Not Compatible</OPTION>
        <OPTION VALUE="BP13">Stopped Working</OPTION>
    </SELECT>
    <TEXTAREA NAME="comment1" ID="comment1" ROWS="3" COLS="45"></TEXTAREA>
    <SELECT NAME="SubReason2" ID="SubReason2">
        <OPTION VALUE="">Select A Reason For This Return</OPTION>
        <OPTION VALUE="BP11">Arrived Defective</OPTION>
        <OPTION VALUE="BP12">Not Compatible</OPTION>
        <OPTION VALUE="BP13">Stopped Working</OPTION>
    </SELECT>
    <TEXTAREA NAME="commen开发者_Go百科t2" ID="comment2" ROWS="3" COLS="45"></TEXTAREA>
    <INPUT TYPE="submit" VALUE="Continue">
</FORM>

I'm primarily looking for which questions to ask.

Edit Questions got me thinking - There are several encrypted items in the form which are received and validate correctly. This is the reason that they are not in the stub. Any failure would be redirected to a failure page and that is not happening. Only the unencrypted data is blank.

Edit The encryption is a mix of RC4, MD5 and DES-3 - with all encrypted fields displayed as hex, both name/id and value. Any failure in matching encryption / decryption will result in the page displaying an error. That is not happening.

Edit This page also shows a problem with ViewState. It is now turned off.

Edit A transaction dump shows that the failures are not changing servers. I show only one entry with a change of servers.

I had a similar problem that took a few days to figure out. I was porting an application from ColdFusion to .NET 3.5 and the page seemed to post back, but most of the request was lost.

The problem was with having a form element which wasn't marked with a runat="server" tag being nested within the form tag marked with a runat="server".

My resolution was simple: I removed the html-based form element and relied on the main form. Your issue sounds slightly different because you're dynamically building the form. From my research during that time, I learned that form elements shouldn't be nested and that only one per page can be server-side.

MSDN Magazine has an article with several options for displaying multiple forms on a single page: http://msdn.microsoft.com/en-us/magazine/cc164151.aspx#S4

However, if your generated forms are fairly simple as you've posted, you may consider generating the controls and using an asp:Button control's PostbackUrl property to set the page to which a postback should be submitted.

An example, taken from MSDN:

  <form id="form1" runat="server">

    <h3>Button.PostBackUrl Example</h3>

    Enter a value to post:
    <asp:textbox id="TextBox1" 
      runat="Server">
    </asp:textbox>

    <br /><br />

    <asp:button id="Button1" 
      text="Post back to this page"
      runat="Server">
    </asp:button>

    <br /><br />

    <asp:button id="Button2"
      text="Post value to another page" 
      postbackurl="Button.PostBackUrlPage2cs.aspx" 
      runat="Server">
    </asp:button>

  </form>

Notice how clicking the first button posts back to the current page, and clicking the second button posts back to Button.PostBackUrlPage2cs.aspx and contains the value entered in the textbox in the Request object.

Questions I would ask include:

1. How are you maintaining state? Are you using in-proc sessions? I ask because the users are likely being bounced from one server to the next. Have you tried switching to cookie based sessions?

2. Can you put a logger on the page load to save everything from the Request object. Specifically, all of the form fields submitted?

3. What, exactly, is the error message?

EDIT
If some values are coming, then that is a strange situation. How are you decrypting the data? and, again, what is in the underlying Request object itself? How are you accessing the fields to determine they "aren't there"? At what point in the pipeline is the decryption occurring? Is it mangling the rest of the request object?