Exception - Padding is Invalid

[AG]

I occassionally get the following exception from an ASP.NET 2.0 Web
Application running on a shared web host.

I have no way of knowing what the actual request page was as it never
happens when I visit the site. The exception is trapped in the
Application_Error event of global.asax and emailed to me.

The only encryption in the app is the connectionStrings section of
web.config.

There is no localization in use.

Can anyone shed any light on how to identify the root cause and correct it?

Could it be a server configuration problem?
Request.Path: /WebResource.axd

Exception Message: Padding is invalid and cannot be removed.

StackTrace: at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)

at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)

at System.Web.UI.Page.DecryptString(String s)

at
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext
context)

at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

InnerException:

CurrentExecutionFilePath: /WebResource.axd

 

[bruce barker]

a webresource request has encrypted parameters (assembly name, and resource
id) so a user canot just randomly pluck out resources values (such as a
connect string). after encryption, the parameters are convereted to base64 to
make the strings url safe. due to base64's algrothrym a the string length is
always a mutilpe of three. to get this padding is added.

the error message means the parameter string was truncated (or has illegal
charaters) and does not match the url rendered. this is usally caused by a
proxy server that truncates the url because it too long, or performs some
other translation.

you would to run network traces to see if your end or the other end is
causing the problem.

-- bruce (sqlwork.com)

 

[AG]

Thanks Bruce,

Since I can't run any network traces, it sounds like I have to just ignore
it, unless it becomes more frequent.

--

AG
Email: discussATadhdataDOTcom

a webresource request has encrypted parameters (assembly name, and resource
id) so a user canot just randomly pluck out resources values (such as a
connect string). after encryption, the parameters are convereted to base64
to
make the strings url safe. due to base64's algrothrym a the string length
is
always a mutilpe of three. to get this padding is added.

the error message means the parameter string was truncated (or has illegal
charaters) and does not match the url rendered. this is usally caused by a
proxy server that truncates the url because it too long, or performs some
other translation.

you would to run network traces to see if your end or the other end is
causing the problem.

-- bruce (sqlwork.com)

I occassionally get the following exception from an ASP.NET 2.0 Web
Application running on a shared web host.

I have no way of knowing what the actual request page was as it never
happens when I visit the site. The exception is trapped in the
Application_Error event of global.asax and emailed to me.

The only encryption in the app is the connectionStrings section of
web.config.

There is no localization in use.

Can anyone shed any light on how to identify the root cause and correct
it?

Could it be a server configuration problem?
Request.Path: /WebResource.axd

Exception Message: Padding is invalid and cannot be removed.

StackTrace: at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)

at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)

at System.Web.UI.Page.DecryptString(String s)

at
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext
context)

at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

InnerException:

CurrentExecutionFilePath: /WebResource.axd

 

[Steven Cheng[MSFT]]

Hi AG,

As for the WebResource.axd, it use machinekey to encrypt the
assembly/resource item parameters. by default, the machinekey of a .NET
application is randomly generated. Thus, if you're using webfarm or your
application will frequently restart due to some reason, you'll likely to
get such invalid exception when a former generated encryption parameter is
passed to webresource.axd.

One thing you can try is manually supply a fixed machinekey for your
ASP.NET application to see whether it helps:

#Getting CryptographicException exception "Padding is invalid and cannot be
removed" after Migrating to ASP.NET 2.0
http://blogs.msdn.com/paraga/rss_tag_ASP.NET+2.0.xml

#ASP.Net¡¯s WebResource.axd and machineKey badness
http://blog.aproductofsociety.org/?p=11

The machinekey has many other impacts on ASP.NET services, here is a good
article mentioned them:

#How To: Configure MachineKey in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998288.aspx

Hope this also helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------

 

[AG]

Thanks Steven, I will try that.

 

[Steven Cheng[MSFT]]

Thanks for your reply,

If you got any new results, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Matthew]

We have set a 'SHA1' machinekey in the application web.config, but continue
to get this errors as shown below.
what do you recommend for us?

Event code: 3005
Event message: An unhandled exception has occurred.
Event ID: 7311ee384a0e4c86b7aea6d442ed2139 Event sequence: 841 Event
occurrence: 12 Event detail code: 0

Process information:
Process name: w3wp.exe

Exception information:
Exception type: System.Security.Cryptography.CryptographicException
Exception message: Padding is invalid and cannot be removed.

Request information:
Request URL:
http://www.example.com/WebResource....Q7YoV8di6ywT7go93N0RJJw2&t=633407498743493559
Request path: /WebResource.axd
User:
Is authenticated: False
Authentication Type:

Thread information:
Is impersonating: True
Stack trace: at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32
outputOffset, PaddingMode paddingMode, Boolean fLast)
at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)
at System.Web.UI.Page.DecryptString(String s)
at
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

 

[Steven Cheng]

Hi mudnug,

As for the error you encountered, where did the url come from? Also, does
the problem occur frequently or can easily repro?

Best regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?TWF0dGhldw==?= <[email protected]>
References: <[email protected]>

<[email protected]>

Subject: Re: Exception - Padding is Invalid
Date: Tue, 18 Mar 2008 09:41:04 -0700

We have set a 'SHA1' machinekey in the application web.config, but continue
to get this errors as shown below.
what do you recommend for us?

Event code: 3005
Event message: An unhandled exception has occurred.
Event ID: 7311ee384a0e4c86b7aea6d442ed2139 Event sequence: 841 Event
occurrence: 12 Event detail code: 0

Process information:
Process name: w3wp.exe

Exception information:
Exception type: System.Security.Cryptography.CryptographicException
Exception message: Padding is invalid and cannot be removed.

Request information:
Request URL:
http://www.example.com/WebResource.axd?d=sYEWk7s3_htsl7XNJ1fQM1My8nZ0cMidKe _4nIuoccwaRE7QIXQ0IkttYF_X-gPQ7YoV8di6ywT7go93N0RJJw2&t=633407498743493559
Request path: /WebResource.axd
User:
Is authenticated: False
Authentication Type:

Thread information:
Is impersonating: True
Stack trace: at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32
outputOffset, PaddingMode paddingMode, Boolean fLast)
at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(B

yte[] inputBuffer, Int32 inputOffset, Int32 inputCount)

at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)
at System.Web.UI.Page.DecryptString(String s)
at
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessR equest(HttpContext context)
at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplicat ion.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

 

[Matthew]

The problem does occur rather frequently - over a hundred times overnight on
one occasion. I'm not able to reproduce it consistently, and have seen only a
handful of errors in 24 hours on most occasions.

 

[Steven Cheng]

Can you determine where did those problem request come from? Is your
appliation an internet application or intranet one?

Best regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Matthew]

A sampling indicates the requests come from googlebot. The site is hosted at
www.dometech.com

 

[Steven Cheng]

Thanks for your reply mudnug,

If googlebot is the source agent, I think you've run into a common problem.
The google cache may contains a cached version of entire page(include the
viewstate hidden field). Thus, it will always send the cached
viewstate(that is specific to the certain machinekey which is used to sign
it). Then, when the application's server-side machinekey has changed, the
request based on the cached page will fail(with the invalid exception you
saw). Here is a web article also mentioned this:

#A Product of Society
http://blog.aproductofsociety.org/?p=11

If most of the errors in your site is caused by this, I think you can
simply ignore it.

Best regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?TWF0dGhldw==?= <[email protected]>
References: <[email protected]>

<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>