locked
Event code: 3012 The resource identifier failed to decrypt RRS feed

  • Question

  • User-693047505 posted

    An asp.net web application deployed to a remote server is returning a hundred of these errors per hour. They began when I upgraded the environment from .net 4.0 to .net 4.5. I tried further upgrading to .net 4.5.1 and even brought it back to .net 4.0 but I cannot stop these errors occurring. The web.config has MachineKey.DecryptionKey specified, though I don't know where I got the value for the key. All the errors refer to WebResource.axd. With the orginal upgrade, I made some changes to an asp:Menu. The only NuGet package being used is AjaxControlToolkit, which I need to keep synchronised with changes to the .net version. I'm at a total loss of what to do, and it's urgent.

    Stack trace:    at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType, Boolean signData)
       at System.Web.UI.Page.DecryptString(String s, Purpose purpose)
       at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)

    Robert

    Thursday, December 12, 2013 6:26 PM

Answers

  • User-693047505 posted

    The application was producing about 2.5K errors of this type per day. The host addresses in the error stack revealed they were caused by web crawlers, specifically Russian Yandex bots. I setup a rule in IIS to deny access to Yandex and this fixed the problem. The Robot.txt technique did not worrk.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, January 8, 2014 5:33 PM

All replies

  • User1815411410 posted

    Please add machineKey in your configuration file(web.config)

    How To: Configure MachineKey in ASP.NET 2.0

    Thursday, December 12, 2013 11:00 PM
  • User-693047505 posted

    As stated in the original post, MachineKey is already present, has been for several years. The application is currently in .net 4.5.1. Here is the machinkey element from web.config:

    <machineKey validationKey="287C5D125D6B7E7223E1F719E3D58D17BB967703017E1BBE28618FAC6C4501E910C7E59800B5D4C2EDD5B0ED98874A3E952D60BAF260D9D374A74C76CB741803" decryptionKey="5C1D8BD9DF3E1B4E1D01132F234266616E0D5EF772FE80AB" validation="SHA1" />

    Thursday, December 12, 2013 11:43 PM
  • User-1454326058 posted

    Hi rclancyr,

    Please try to generate the machinekey in IIS, for more information, please refer to:

    # How to Generate Machine Key in IIS7

    http://www.codeproject.com/Articles/221889/How-to-Generate-Machine-Key-in-IIS7

    On the other hand, for that error please refer to this link:

    http://support.microsoft.com/kb/2431728/en-us

    Thanks

    Best Regards

    Monday, December 16, 2013 2:21 AM
  • User-693047505 posted

    The website didn't have any errors when it was running in .net 4.0. They started after migrating to .net 4.5.1.

    I generated a new machinekey and decryptionkey in IIS7 and applied them, replacing the values in web.config.

    Then I couldn't login with any user, so I restored the old values. Why did that happen?

    Wednesday, December 18, 2013 1:44 AM
  • User-1454326058 posted

    Hi rclancyr,

    Please try add compatibilityMode attribute in the machineKey section, such as:

    <machineKey compatibilityMode="Framework20SP1" ....../>

    There is a link that may benefit you:

    http://blogs.msdn.com/b/webdev/archive/2012/10/23/cryptographic-improvements-in-asp-net-4-5-pt-2.aspx

    Thanks

    Best Regards

    Wednesday, December 18, 2013 4:57 AM
  • User-693047505 posted

    The article you referred me to is beyond my experience to comprehend in detail, though I understand that there have been fundamental cryptographic changes with the release of .net 4.5 and there could be potential compatibility issues.

    I added compatibilityMode="Framework20SP1" to the original machinekey element, and it made no change to the errors generated. Was your intention that I generate new machineKey and decryptionKeys in IIS7 and add compatibilityMode="Framework20SP1" as well? If so, I've yet to try this as the environment is in production, but if I did, can I expect that in changing the IIS keys existing users will still be able to login without needing to change their passwords?

    Wednesday, December 18, 2013 6:05 PM
  • User-1454326058 posted

    Hi rclancyr,

    Could you can reproduce the scene with the new project?

    If so, please provide the detail steps to us.

    On the other hand, I would like to know, do you encrypted some section of web.config file?

    If possible, could you share the project to me?

    About share the file in the SkyDrive, please refer to:

    http://windows.microsoft.com/en-us/skydrive/change-access-permissions-faq

    Thanks

    Best Regards

    Wednesday, December 18, 2013 11:31 PM
  • User-693047505 posted

    Reproduce in a new project: I have a couple of other applications running on the same server, developed in the same environment, with the same .net version, running in the same application pool in IIS, none of which are producing this error. From this, I assume it would be difficult to reproduce.

    Nothing is encrypted in web.config.

    I'm reluctant to share the project because it is a commercial product.

    I note you didn't answer my question regarding generating new keys, in my previous post.

    The Request URL in every one of these errors is pointing to /WebResource.axd. When I view source of any page on the site, I can see the only object which calls this resource is the site menu, on every page because it's in the master page, and specifically the <asp:Menu DynamicMenuItemStyle... element. When I upgraded to .net 4.5, I made some changes to the CSS for this menu. Maybe that has somehow caused the problem.

    Thursday, December 19, 2013 12:40 AM
  • User-1454326058 posted

    Hi rclancyr,

    I generated a new machinekey and decryptionkey in IIS7 and applied them, replacing the values in web.config.

    Then I couldn't login with any user, so I restored the old values. Why did that happen?

    Please check the logging method. In my opinion, I think you are using the machine key to encrypt the user name or password.

    Thanks

    Best Regards

    Friday, December 20, 2013 2:29 AM
  • User-693047505 posted

    The application was producing about 2.5K errors of this type per day. The host addresses in the error stack revealed they were caused by web crawlers, specifically Russian Yandex bots. I setup a rule in IIS to deny access to Yandex and this fixed the problem. The Robot.txt technique did not worrk.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, January 8, 2014 5:33 PM