Cryptographic Exception in website

Author
11 Nov 2008 3:26 PM
daveh551
I hope someone can explain this to me. I'm pretty much a neophyte at
crypto stuff.  I have a website, and I recently installed SSL, and
also added a machinekey to my web.config file in preparation for
encrypting some data into the database.

Now, pretty much randomly, my logs show a
"System.Security.Cryptography.CryptographicException" with the
exception message "Padding is invalid and cannot be removed".  The
thing is,

1) there is nothing going on at the time the exception is thrown. It
appears to be happening on Application startup, but only sometimes
(several times a day, but there are many requests that are satisfied),
and
2) None of the routines in the stack trace back are anything that I
wrote. Here's the stack traceback:
(argument list removed for space):
   at System.Security.Cryptography.RijndaelManagedTransform.DecryptData
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData
   at System.Web.UI.Page.DecryptString(String s)
   at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep

The only thing in there that I see that I might have something to do
with is the MachineKey (halfway through is a call to
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData).  Since
I generated the machine key (via a web program to generate random keys
in Machine Key format for .Net 2.0 - can't remember the link, but I
can find it again if it's important), it's possible that it's messed
up somehow, BUT - it works most of the time. It seems like if the
configuration data was bad, it would fail all the time.

In the preinit routine of the BasePage class, I have a check that says
if (!Request.IsSecure) Response.Redirect(https://...).  But there are
log messages around this that are not showing up, so I don't think
it's getting that far.  The exception seems to be being thrown right
after application startup. I get an "Application Started" log message,
then 2 seconds later, an "Application got fatal error" message (via
the Application_Error routine), with the exception stack shown above.

Like I say, I'm new at this phase, so any help would be appreciated.
Thanks.