Try our conversational search powered by Generative AI!

Forms submission gives error 500


Using Episerver.Forms 4.24.1 and episerver.CMS 11.10.4 (had same problem back in time when started with Forms 4.15.1 and CMS 11.4.3)

Our intranet site is mostly giving "error 500: Internal Server Error" when posting a form.

Error in log shows: 

ERROR EPiServer.Global: Unhandled exception in ASP.NET
EPiServer.Core.EPiServerException: ContentReference: Input string was not in a correct format.
at EPiServer.Core.ContentReference.Parse(String s)
at EPiServer.Core.ContentReference..ctor(String complexReference)
at EPiServer.Forms.Core.Internal.DataSubmissionService.GetValidatableElementsData(NameValueCollection validationData, Submission submissionDataFullForm)
at EPiServer.Forms.Core.Internal.DataSubmissionService.PerformDataSubmit(NameValueCollection rawSubmittedData, HttpContextBase httpContext, ControllerBase controller)
at EPiServer.Forms.Controllers.DataSubmitController.Submit()
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at EPiServer.Forms.Controllers.FormsMvcHandler.ProcessController(IController controller)
at EPiServer.Forms.Controllers.FormsMvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Our intranet is using windows authentication, and users is automatically authenticated.

Web.config contains: <authentication mode="Windows">

IIS is set up with Authentication: "Windows Authentication" and "Anonymous Authentication" enabled

Access rights is set up like this

Have a guest group (ip criterion) that can access the site without login, an other site on server whith the IP is getting RSS feed from this site.

The strange is that a way around the error is (only sometimes) refresh the page by puttig cursor in address line and press enter. Refreshing by pressing F5 or refresh icon does not work.

From time to time we also get following error in logg, and the same "error 500: Internal Server Error" on page

ERROR EPiServer.Forms.Internal.Security.DefaultAntiForgeryValidator: Failed to validate the anti-forgery token
System.Web.Mvc.HttpAntiForgeryException (0x80004005): The provided anti-forgery token was meant for user "DOMAINNAME\username", but the current user is "".
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext, String cookieToken, String formToken)
at EPiServer.Forms.Internal.Security.DefaultAntiForgeryValidator.Validate(HttpContextBase httpContext)

and at the same time showing the icon for entering editmode on page.

Jul 10, 2019 9:09

Look like the issue come from anti-forgery validation. Please see this Try to set AntiForgeryConfig.SuppressIdentityHeuristicChecks = true and see the result.

Jul 10, 2019 10:36

"AntiForgeryConfig.SuppressIdentityHeuristicChecks = true" did not solve the main problem, maybe it solves the 2nd issue that we see happens now and then.

I have inspected the post with Fiddler, and see that a successfull and a failed post have the same values for "__FormGuid", "__FormHostedPage", "__FormLanguage" and "__FormCurrentStepIndex", but as I understand the errormessage it's the value of "__FormHostedPage" (page ID of page with the form) that is missinterpeded when trying to parse the value to int and make contentreference. 

When entering the same values in the form, all values is identical, sometimes the form is posted successfully, but mostly gives error 500.

Have tried with Chrome (v.70...), Opera (v.60...), IE 11 and IE Edge. IE-11 and Edge fails almost always.

Jul 10, 2019 14:57

What is the value of __FormHostedPage? is it in correct format? Could you please give us a support case? we can look into the problem deeper.

Jul 16, 2019 8:43

From what you provided, I can imagine that you might render the forms in a Dialog or using IFrame and for some reasons, the submission data is not in proper format.

But that's just a guess and it would be better if you can give us a support case as Dac Thach said.

Jul 17, 2019 5:07

Sorry for not following up this.
First: __FromHostedPage seems for me to be correct format - just the ID of the page containing the form -  a successfull submission or a failing submission contains the same information in __FromHostedPage
Second: the form is included in a content area and rendered like this: @Html.PropertyFor(m => m.CurrentPage.MiddleColumnBlock)

Sep 12, 2019 9:05

I know it's an old post, but i wonder if there's any way to customize the error message in this case, i.e. for anti-forgery validation errors?
If that's not possible, a custom general erros message would be fine to.

We have the same issue from time to time and I would rather display a better, more user friendly message.

Jun 08, 2021 13:59


Did you ever solve this? We have a similar situation where Submit works if Page is not restricted, that is "Everyone" has access but Submit gives 500 and same stack trace as you when Page is restriced with one of our custom groups

Feb 09, 2022 14:01
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.