Annoying CryptographicException on WebResource.axd

  • Question

  • User-1816007260 posted
    OK. I waited long enough, but now after going RTM with .NET 2.0 my problem still persists. I get A LOT of below exceptions daily and I have no idea what causes them. Maybe there is someone out there who could shed any light on this.
    This happens on our production server - Windows 2003 SP1 running our custom web app now compiled to RTM version .NET 2.0. If this matters - the server is not part of any web garden or web cluster.

    Thank you in advance.

    Radek

    URL : /WebResource.axd?d=kSeV1ybpS9bEq7I4MiVq5IkULXRhwAlV5Koqh_1-Ty01&t=632667140451143976

    BaseException: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.

    at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

    at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)

    at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

    at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)

    at System.Web.UI.Page.DecryptString(String s)

    at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)

    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Error Message :Padding is invalid and cannot be removed.

    Error Source :mscorlib

    Error Stack Trace : at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

    at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)

    at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

    at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)

    at System.Web.UI.Page.DecryptString(String s)

    at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)

    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Error TargetSite :Int32 DecryptData(Byte[], Int32, Int32, Byte[] ByRef, Int32, System.Security.Cryptography.PaddingMode, Boolean)

    Monday, November 7, 2005 7:02 PM

All replies

  • User-1816007260 posted

    If this helps - I've noticed a regular pattern in causing this behavior. It looks like errors are generated only when the page is hit from Google's cache (HTTP_REFERER : http://64.233.161.104/search?q=cache:(...)) or combed by one of the search engine crawlers (HTTP_USER_AGENT : Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp))

    Thank You for any help

    Radek

    Wednesday, November 9, 2005 11:15 AM
  • User-1775746769 posted

    Did you happen to resolve this? I am experiencing the exact same problem.

    Thanks.

    Monday, February 13, 2006 3:44 PM
  • User-89194507 posted
    Can also confirm this happens when a page is viewed through google cache. Unfortunately I do not know how to make these errors go away.

    Ward
    Wednesday, March 1, 2006 4:50 AM
  • User2030833070 posted

    Hi!

    This post is exactly what I searched for but with the exception that no solution is available. Maybe some of the moderators here could help out a bit.

    I checked the log and it seems that every time the googlebot is visiting my customer's website it's causing this error 66.249.65.204 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html).

    First it would be nice to get an explanation about why it happens and what this means (is Google able to index the site properly?) and second I would like to find a solution. If any additional information is needed please tell me.

    The error-message I get is as shown below.

    Thanks,

    Markus

     

    http://someURL/WebResource.axd?d=D5GnL-VKKGPWg_z-yz7sIg2&t=632712132058651250

    Message
    Padding is invalid and cannot be removed.

    Source
    mscorlib

    Target site
    Int32 DecryptData(Byte[], Int32, Int32, Byte[] ByRef, Int32, System.Security.Cryptography.PaddingMode, Boolean)

    Stack trace
       at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
       at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
       at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
       at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
       at System.Web.UI.Page.DecryptString(String s)
       at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    ToString()
    System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
       at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
       at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
       at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
       at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
       at System.Web.UI.Page.DecryptString(String s)
       at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

     

    Saturday, March 4, 2006 6:25 PM
  • User2030833070 posted

    Hi!

    I noted that this error can also be caused through freetextbox. In my case I use freetextbox in the cms and at least if I get all the images directly from the dll then from time to time it happens that the pics from the toolbar cannot be loaded and for every pic not loaded this error occurs.

    I will now try to load the pics just from a folder instead of the dll. Everything said before is still valid.

    Markus

    Monday, March 6, 2006 9:43 AM
  • User2030833070 posted

    And another cause:

    IIS-LOG:

    2006-03-06 15:07:22 W3SVC32376 USER 66.45.225.179 GET /Cms/new_website/WebResource.axd d=9VvIn5RuBhV3h2xHTDetCA2&t=632712132058651250 80 - 200.60.247.118 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) ASP.NET_SessionId=juycn155gmf3s245j3ji0b45 http://somewebsite/Cms/new_website/Warum.aspx somewebsite 500 0 0 3316 463 3468


    This error is not just annoying, it is a problem. It causes my sessions to get lost.

    Please help out!

    Thank you,

    Markus

    Monday, March 6, 2006 10:20 AM
  • User2030833070 posted

    The Event-Viewer-Log for the last error described:

    Event code: 3005

    Event message: An unhandled exception has occurred.

    Event time: 06.03.2006 10:07:22

    Event time (UTC): 06.03.2006 15:07:22

    Event ID: 2a8189a93acf4a3b954f45eb73e9106c

    Event sequence: 4

    Event occurrence: 1

    Event detail code: 0

    Application information:

    Application domain: /LM/W3SVC/32376/Root/Cms/new_website-1-127861312407923054

    Trust level: Full

    Application Virtual Path: /Cms/new_website

    Application Path: C:\Inetpub\vhosts\somewebsite\httpdocs\Cms\new_website\

    Machine name: USER

    Process information:

    Process ID: 3380

    Process name: w3wp.exe

    Account name: USERUR\IWPD_9(somewebsite)

    Exception information:

    Exception type: CryptographicException

    Exception message: Padding is invalid and cannot be removed.

    Request information:

    Request URL: http://somewebsite/Cms/new_website/WebResource.axd?d=9VvIn5RuBhV3h2xHTDetCA2&t=632712132058651250

    Request path: /Cms/new_website/WebResource.axd

    User host address: 200.60.247.118

    User:

    Is authenticated: False

    Authentication Type:

    Thread account name: USER\IWPD_9(somewebsite)

    Thread information:

    Thread ID: 1

    Thread account name: USER\IWPD_9(somewebsite)

    Is impersonating: False

    Stack trace: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

    at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)

    at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

    at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)

    at System.Web.UI.Page.DecryptString(String s)

    at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context)

    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Custom event details:

    For more information, see Help and Support Center at

    Monday, March 6, 2006 10:24 AM
  • User-89194507 posted
    I changed my robots.txt file to:

    User-agent: *
    Disallow: /*.axd$

    That should fix these errors at least from firing when google, or another spider is crawling my website. I'll let you know if it helped.



    Monday, March 6, 2006 2:05 PM
  • User-1223822415 posted
    I am also seeing this error intermittently. It shows up in the event log several times a day. I too am not running a web farm, and I am seeing this with regular user access to the pages on my site (i.e. not just with pages hit by spiders/crawlers).
     
    I see that this issue was previously reported to Microsoft (http://lab.msdn.microsoft.com/ProductFeedback/viewFeedback.aspx?feedbackid=17c64976-ee21-4055-9de4-992d9c59e589), but they claim it is resolved because they can't reproduce it other than in web farm scenarios. Clearly there is a problem here, as evidenced by the number of people experiencing it in non-webfarm scenarios. It would be really nice to hear something further from Microsoft on this.
    Wednesday, March 8, 2006 4:26 PM
  • User2030833070 posted

    An update:

    1) The lovely trick with the robots.txt file seems to work. However it would still be interesting to know if there could be any notable effects in the google results or something like that.

    2) All the other errors (not from google) seem to be caused from an ISAPI-Filter that I have uninstalled now. I used url_rewrite from iismods.com. I don't try to say that it is the fault of this filter, maybe I did something wrong within the configuration - maybe not.

    However I haven't seen this error for around 36 hours now and that's a new record. Hopefully that helps some of you too!

    Best regards,

    Markus

    Wednesday, March 8, 2006 5:03 PM
  • User-89194507 posted
    Hi Markus,

    I see it much less, fortunately. But I still get it if someone sees a page of my website through google cache. Luckily it looks like it renders ok.

    Ward
    Thursday, March 9, 2006 1:39 AM
  • User292736821 posted

    This thread seems old but Yahoo still seems to trigger this error even though I blocked it from my robots.txt file. Didn't anyone find resolution to this?

    Thanks

    Monday, August 14, 2006 10:26 AM
  • User-728782095 posted
    I'm having this same issue now and I tried the robots.txt fix as well to no avail.  My site is getting hammered with these errors, and it only happens when someone goes to our offsite search page from our site.
    Tuesday, August 22, 2006 3:13 PM
  • User-746667562 posted

    Has anyone found a solution for this problem yet?  I am now getting it and I also make extensive use of freetextbox, but I seem to only get it from proxy.aol.com.  I tried playing with output cache page directives but it seems to have not made a difference.  All help greatly appreciated[:)]

    TIA.

    Eric

    Wednesday, September 27, 2006 8:12 AM
  • User-1770875694 posted

    I'm also getting these errors (by the thousands).  I am on a web farm, however I have tried switching users to individual servers in the farm to test and get the same results.

    One peculiar detail I've noticed about these: when I view the page (and it works) I see querystring parameters "d" and "t".  However, my error logging system consistently reports only querystring parameter "d" with an additional parameter "z" which is always set to a bit value (0, 1).

    Has anyone found an answer to this problem?  

    Jeremy 

    Wednesday, October 4, 2006 3:36 AM
  • User-89194507 posted

    A partial fix is excluding all axd from your robots.txt file (see one of my earlier posts). This will solve the issue when a search engine wants to re-index the axd.

    The problem is that the query parameters to the axd are changed every time; when you use old ones, the crypto error is thrown. So when people look at a page from your website through google cache, the cached copy has an old reference to the axd and you will see the message. Besides blocking google from caching your pages, I could not find a solution for that. I just ignore them in my error-mail script.

    Good luck!

     Ward


     

    Wednesday, October 4, 2006 7:13 AM
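
    A triage sketch for the pattern reported in this thread (HTTP 500 on `.axd` handlers from crawlers and from search-cache referers), added here as an example and not code from any poster. The field order is assumed from the IIS log line quoted earlier; the log lines, addresses and `d=` tokens are constructed, and the function names are hypothetical.

```python
from collections import Counter

# W3C extended field order, assumed from the IIS log line quoted in the thread.
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status").split()

CRAWLER_MARKERS = ("googlebot", "slurp")  # user agents named in the thread
CACHE_MARKER = "search?q=cache:"          # referer pattern named in the thread

# Constructed sample lines (documentation addresses, made-up d= tokens).
SAMPLE_LOG = """\
#Software: constructed sample
2006-03-06 15:07:22 W3SVC1 WEB01 192.0.2.10 GET /WebResource.axd d=AAAA&t=1 80 - 198.51.100.7 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - example.test 500 0 0
2006-03-06 15:08:01 W3SVC1 WEB01 192.0.2.10 GET /WebResource.axd d=BBBB&t=1 80 - 198.51.100.8 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0) - http://203.0.113.5/search?q=cache:example.test/Default.aspx example.test 500 0 0
2006-03-06 15:09:40 W3SVC1 WEB01 192.0.2.10 GET /WebResource.axd d=CCCC&t=2 80 - 198.51.100.9 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0) - http://example.test/Default.aspx example.test 500 0 0
2006-03-06 15:09:41 W3SVC1 WEB01 192.0.2.10 GET /WebResource.axd d=DDDD&t=2 80 - 198.51.100.9 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0) - http://example.test/Default.aspx example.test 200 0 0
2006-03-06 15:10:05 W3SVC1 WEB01 192.0.2.10 GET /ScriptResource.axd d=EEEE&t=1 80 - 198.51.100.12 HTTP/1.1 Mozilla/5.0+(compatible;+Yahoo!+Slurp;+http://help.yahoo.com/help/us/ysearch/slurp) - - example.test 500 0 0
2006-03-06 15:11:00 W3SVC1 WEB01 192.0.2.10 GET /Default.aspx - 80 - 198.51.100.9 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0) - - example.test 500 0 0
"""

def classify(line):
    """Return a bucket for a 500 on an .axd handler, or None for any other line."""
    if line.startswith("#") or not line.strip():
        return None
    rec = dict(zip(FIELDS, line.split()))
    if len(rec) < len(FIELDS):
        return None  # short or malformed line
    if not rec["cs-uri-stem"].lower().endswith(".axd") or rec["sc-status"] != "500":
        return None
    if any(m in rec["cs(User-Agent)"].lower() for m in CRAWLER_MARKERS):
        return "crawler"          # stale d= value re-requested by a spider
    if CACHE_MARKER in rec["cs(Referer)"].lower():
        return "search-cache"     # cached page still links to an old d= value
    return "investigate"          # normal visitor: check keys, filters, rewrites

def triage(log_text):
    """Count .axd 500s per bucket across a whole log."""
    return Counter(b for b in map(classify, log_text.splitlines()) if b)

if __name__ == "__main__":
    for bucket, count in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket:13} {count}")
```

    User-Agent and Referer are client-supplied, so the buckets sort noise from the cases worth a closer look; they do not prove who sent a request.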
  • User-1129643960 posted

    Good stuff, it helped me a lot. Thank you!

    Also you can visit these pages and find out a little more:

    • http://www.robotstxt.org/wc/exclusion-admin.html
    • http://www.mcanerin.com/EN/search-engine/robots-txt.asp

    Regards,
    Lucian
     

    Monday, March 19, 2007 6:27 AM
  • User-760170403 posted

    We had the same error in our NLB setup. We already had consistent machineKeys, but were still getting the error.

    The problem was we were missing the decryptionKey=, and that apparently made a different d= value, and made all machines consistent.

    Have not seen the errors resurface yet.

    Read my writeup here for more info:

    http://blog.aproductofsociety.org/?p=11
    Thursday, March 22, 2007 8:32 PM
  • User145195717 posted

    Hi there!

     Watch this website:

     http://blog.aproductofsociety.org/?cat=10

    Happy programming

    Wednesday, June 25, 2008 5:34 AM
  • User753834116 posted

    It can be several causes. The way I found the error was to follow the most relevant test arguments (I did an old fashion call tree stack in a text editor), until I found the one. I was decrypting the connection string instead of the key. I know, it's kind of silly but I could detect it.

    One good link, that helped me to solve other minor bugs was

    http://www.codeproject.com/KB/security/Cryptor.aspx

    Specially on "Notes On Padding"

    VS2003 has by default PaddingMode.PKCS7, in VS2008 (targeting to .NET2.0) it is required that you explicitly declare it PaddingMode.PKCS7. Even for me it behaved as PaddingMode.Zeros, so I had to program a function that removed the last zeros.

     Hope It would help you solve your solution.

    "Freedom" Wallace

     

     

    Tuesday, January 20, 2009 10:41 AM
  • User2098947605 posted

     I've been getting this error in Firefox when my session expires.  I'm also using a cookie. 

     Anyone know how I can clear this up? 

    Wednesday, June 3, 2009 7:35 PM
  • User667050913 posted

    AlexB1318,


    I am also seeing this error.   Did you find a resolution to it?


    Thanks,
    Joel

    Wednesday, July 15, 2009 2:58 PM
  • User753834116 posted

    Hi Joel:

    Debug the padding (choose the right padding). Close the flows in a finally block (e.g. msEncrypt: pMemoryStream;  csEncrypt: pCryptoStream). Choose the Encoding depending on the Padding of the encryption.

    Hope it helps, if not, go to a Salsa place, if it helps, go also ;-)

    Regards,



    Thursday, July 16, 2009 1:02 PM
  • User-416374788 posted

    I believe the robots.txt suggestion given earlier is incorrect. Google states:

    To specify matching the end of a URL, use $. For instance, to block any URLs that end with .xls:

    Disallow: /*.xls$

    Since requests for WebResource.axd and ScriptResource.axd always include a query string parameter the URL does not end with '.axd'! Thus, the correct robots.txt record for Google would be:

      Disallow: /*.axd

    However, not all crawlers recognize the wildcard '*' syntax. Thus, I looked to the robots.txt draft RFC which states: "The match evaluates positively if and only if the end of the path from the record is reached before a difference in octets is encountered."

    If one wanted to comply with the draft RFC (presumably for better understanding by all crawlers), you should avoid the wildcard syntax and include two records in your robots.txt file:

      Disallow: /ScriptResource.axd

      Disallow: /WebResource.axd

    Note that the records are case sensitive!

    Friday, July 9, 2010 3:25 AM
  • User375490614 posted

    I'm getting these errors as well, but my error page is showing the requests to be in lower case, so I'm going to try using:

    Disallow: /scriptresource.axd

    Disallow: /webresource.axd

    My setup: Windows Server 2008, IIS 7, asp.net 4.0, ajax, sqlserver 2008 (not that the db matters).

    Chris

    Thursday, October 7, 2010 8:33 PM
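
The two robots.txt posts above (wildcard and `$` semantics versus draft-RFC prefix matching, and the lowercase variant) can be checked against the URLs quoted in this thread. This is an added example, not code from any poster: the matchers model only the two rule semantics as those posts describe them, the function names are hypothetical, and the lowercase URL is constructed.

```python
import re

def google_rule_matches(rule, url):
    """Google-style rule: '*' matches any run of characters, trailing '$' anchors the end."""
    anchored = rule.endswith("$")
    if anchored:
        rule = rule[:-1]
    body = ".*".join(re.escape(part) for part in rule.split("*"))
    return re.match(body + ("$" if anchored else ""), url) is not None

def draft_rfc_rule_matches(rule, url):
    """Draft-RFC rule: case-sensitive octet-by-octet prefix match, no wildcards."""
    return url.startswith(rule)

# Two URLs quoted in the thread, plus a lowercase variant (constructed).
ROOT = "/WebResource.axd?d=kSeV1ybpS9bEq7I4MiVq5IkULXRhwAlV5Koqh_1-Ty01&t=632667140451143976"
NESTED = "/Cms/new_website/WebResource.axd?d=9VvIn5RuBhV3h2xHTDetCA2&t=632712132058651250"
LOWER = "/webresource.axd" + ROOT[len("/WebResource.axd"):]
URLS = {"root": ROOT, "nested": NESTED, "lower": LOWER}

# Rule sets proposed in the thread, each paired with the semantics it relies on.
RULESETS = {
    "wildcard+$":   (google_rule_matches,    ["/*.axd$"]),
    "wildcard":     (google_rule_matches,    ["/*.axd"]),
    "prefix":       (draft_rfc_rule_matches, ["/ScriptResource.axd", "/WebResource.axd"]),
    "prefix-lower": (draft_rfc_rule_matches, ["/scriptresource.axd", "/webresource.axd"]),
}

def coverage():
    """For every rule set, report which of the sample URLs it disallows."""
    return {
        name: {label: any(match(rule, url) for rule in rules)
               for label, url in URLS.items()}
        for name, (match, rules) in RULESETS.items()
    }

if __name__ == "__main__":
    for name, row in coverage().items():
        print(f"{name:13}", row)
```

The prefix records cover only the exact path and case they spell out, so an application under a sub-path such as `/Cms/new_website/` or one that emits lowercase handler URLs needs its own records.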