Cryptographic Exception in website



I hope someone can explain this to me. I'm pretty much a neo-phyte at
crypto stuff. I have a website, and I recently installed SSL, and
also added a machinekey to my web.config file in preparation for
encrypting some data into the database.

Now, pretty much randomly, my logs show a
"System.Security.Cryptography.CryptographicException" with the
exception message "Padding is invalid and cannot be removed". The
thing is,

1) there is nothing going on at the time the exception is thrown. It
appears to be happening on Applicaton startup, but only sometimes
(several times a day, but there are many requests that are satisfied.
and
2) None of the routines in the stack trace back are anything that I
wrote. Here's the stack traceback:
(argument list removed for space):
at System.Security.Cryptography.RijndaelManagedTransform.DecryptData
at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData
at System.Web.UI.Page.DecryptString(String s)
at
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext
context)
at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep

The only thing in there that I see that I might have something to do
with is the MachineKey (half way through is a call to
System.Web.Configurate.MachineKeySection.EncryptOrDecryptData). Since
I generated the machine key (via a webprogram to generate Random keys
in Machine Key format for .Net 2.0 - can't remember the link, but I
can find it again if it's important), it's possible that it's messed
up somehow, BUT - it works most of the time. It seems like if the
configuration data was bad, it would fail all the time.

In the preinit routine of the BasePage class, I have a check that says
if (!Request.IsSecure) Response.Redirect(https://...). But there are
log messages around this that are not showing up, so I don't think
it's getting that far. The exception seems to be being thrown right
after application startup. I get an "Application Started" log mesage,
then 2 seconds later, an "Application got fatal error" message (via
the Application_Error routine), with the exception stack shown above.

LIke I say, I'm new at this phase, so any help would be appreciated.
Thanks.
.



Relevant Pages

  • Re: x86 exception handling and stack demand
    ... When an exception occurs that will be passed down to user mode as an SEH exception, the kernel arranges for control to return to user mode at a special function in NTDLL, with several parameters on the stack containing information about the exception. ... In XP and later, the system stores a pointer to the initial stack allocation block in the TEB that is used by the kernel to decommit the stack via NtFreeVirtualMemory when the thread is terminated in a non-graceful fashion, closing this leak. ...
    (microsoft.public.win32.programmer.kernel)
  • [PATCH] x86: style fascism for xen assemblies
    ... * a view to being able to inline as much as possible. ... push %eax ... * This is run where a normal iret would be run, with the same stack setup: ... In order to deliver the nested exception properly, ...
    (Linux-Kernel)
  • Re: new interpreter ("Fast RIR")
    ... in my stack-machine interpreter, a very large number of instructions ... underflow nor overflow during an operation, ... if you know the max number of stack items ever used, it is possible to allocate stack space for just that many items. ... yes, this is why I want to factor this out, as at present, the generation of exception events is a lot harder to factor out, so better would be to execute code in a form where static elimination of most possible exception cases is possible. ...
    (comp.lang.misc)
  • RE: System.AccessViolationException in .NET 2.0 application
    ... Based on the call stack, there is an AV exception in the ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.general)
  • Controlled types and exception safety
    ... I can classify the stack's operations by assigning them any of the above four levels, so that I know what can be expected when an exception is thrown for any reason (like inability to allocate more memory, or alike). ... For example, if the Push method of the stack gives me the strong guarantee, then I *know* that by calling this method either the new element will be appended to the stack, or the stack will remain unchanged, so that even if the exception is thrown, I don't have to worry about the stack's internal consistency. ... Since stack can be a dynamic data structure, assigning one stack object to another may involve destroying one existing data structure *and* creating a new one in its place. ...
    (comp.lang.ada)