Cryptographic Exception in website
- From: daveh551 <geekdh@xxxxxxxxx>
- Date: Tue, 11 Nov 2008 07:26:33 -0800 (PST)
I hope someone can explain this to me. I'm pretty much a neo-phyte at
crypto stuff. I have a website, and I recently installed SSL, and
also added a machinekey to my web.config file in preparation for
encrypting some data into the database.
Now, pretty much randomly, my logs show a
"System.Security.Cryptography.CryptographicException" with the
exception message "Padding is invalid and cannot be removed". The
1) there is nothing going on at the time the exception is thrown. It
appears to be happening on Applicaton startup, but only sometimes
(several times a day, but there are many requests that are satisfied.
2) None of the routines in the stack trace back are anything that I
wrote. Here's the stack traceback:
(argument list removed for space):
at System.Web.UI.Page.DecryptString(String s)
The only thing in there that I see that I might have something to do
with is the MachineKey (half way through is a call to
I generated the machine key (via a webprogram to generate Random keys
in Machine Key format for .Net 2.0 - can't remember the link, but I
can find it again if it's important), it's possible that it's messed
up somehow, BUT - it works most of the time. It seems like if the
configuration data was bad, it would fail all the time.
In the preinit routine of the BasePage class, I have a check that says
if (!Request.IsSecure) Response.Redirect(https://...). But there are
log messages around this that are not showing up, so I don't think
it's getting that far. The exception seems to be being thrown right
after application startup. I get an "Application Started" log mesage,
then 2 seconds later, an "Application got fatal error" message (via
the Application_Error routine), with the exception stack shown above.
LIke I say, I'm new at this phase, so any help would be appreciated.
- Prev by Date: Re: Provider's public key is invalid
- Next by Date: IPSec Policy changes after Nov 12th Updates
- Previous by thread: Re: Provider's public key is invalid
- Next by thread: IPSec Policy changes after Nov 12th Updates