All geek questions in one place

WebResource.axd Decryption data length invalid

I have many errors in the event viewer that look like this. I investigated all possible solutions and still have not found what works;

The website is part of webfarm; Session status is stored on a public server machinekey is the same on all servers; I even used iiscfg to copy iis settings on all servers ... still no success; in IIS, by the properties of the website, I made sure that "check if the file exists" is not set for axd mappings ...

I tried adding the following line to httphandlers:

<add path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" validate="True" />

but still failed ...

I really don't know how to get rid of this error. If someone could help me, I would take it!

All stack trace:

 Request URL: http://xxxxxxx/WebResource.axd?d=Nu8EdkxldHhw5_nYPoeh3y1EbfLckWGua0HevmQkJr6irkrdL4WYMMP0l2yqOwM7Sd85LYeggTTTURTygkW9tqcBk1Q1&t=634242073212638436 
    Request path: /WebResource.axd 


 at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo)
   at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType)
   at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
+3
4

- ... , , , .

+3

!

ASP.Net WebResource.axd ScriptResource.axd, :

HTTP//MySite/MyApplication/WebResource.axd d = 966IInUloJ... &? = 6332662...

, , . , "d" , , validationKey .. .

"/MyApplication".

.

: -. , .

: System.Security.Cryptography.CryptographicException: .

:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


:


[CryptographicException: Length of the data to decrypt is invalid.]
   System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) +7588941
   System.Security.Cryptography.CryptoStream.FlushFinalBlock() +33
   System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) +225
   System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) +85
   System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context) +179
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75


: Microsoft.NET Framework Version: 2.0.50727.5653; ASP.NET: 2.0.50727.4444

Windows :

Event Type:   Warning
Event Source: ASP.NET 2.0.50727.0
Event Category:      Web Event 
Event ID:     1309
Date:         5/23/2011
Time:         3:31:13 PM
User:         N/A
Computer:     MYHOST
Description:
Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 5/23/2011 3:31:13 PM 
Event time (UTC): 5/23/2011 7:31:13 AM 
Event ID: a66bd05b39c34da6bc3bfd349aefdf24 
Event sequence: 71 
Event occurrence: 21 
Event detail code: 0 

Application information: 
    Application domain: /LM/W3SVC/98/Root/MyApplication... 
    Trust level: Full 
    Application Virtual Path: /MyApplication
    Application Path: d:\inetpub\mysite\MyApplication\ 
    Machine name: MYHOST 

Process information: 
    Process ID: 15328 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\NETWORK SERVICE 

Exception information: 
    Exception type: CryptographicException 
    Exception message: Length of the data to decrypt is invalid. 

Request information: 
    Request URL: http://mysite/MyApplication/ScriptResource.axd?d=...&t=...

    Request path: /MyApplication/ScriptResource.axd 
    User host address: 1.1.1.1
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\NETWORK SERVICE 

Thread information: 
    Thread ID: 9 
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
    Is impersonating: False 
    Stack trace:    at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo)
   at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType)
   at System.Web.UI.Page.DecryptString(String s)

MS10-070. , , - .

, KB2431728 - ASP.NET -, cookie - - . .

- :... WebResource ScriptResource

...

, MS10-070 (Http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx) ASP.NET.

...

, ASP.NET - - . , .

+1

We had a web farm, and it turned out that the main reason was that not all servers were running on the same Microsoft Windows patch level. As soon as we brought them to the same patch level, the errors disappeared.

+1
source

You can look at this:

http://jagbarcelo.blogspot.com/2009/08/solution-padding-invalid-cannot-be.html

Please note that we had a similar problem, and setting the verification and decryption attributes of the machine key section in the web.config file seemed to help, for example:

<machineKey validationKey='blah' decryptionKey='blah' validation='AES' decryption='AES'/>
0
source

Source: https://habr.com/ru/post/1790751/

More articles:


All Articles