Exception - Padding is Invalid

I occassionally get the following exception from an ASP.NET 2.0 Web
Application running on a shared web host.

I have no way of knowing what the actual request page was as it never
happens when I visit the site. The exception is trapped in the
Application_Error event of global.asax and emailed to me.

The only encryption in the app is the connectionStrings section of
web.config.

There is no localization in use.

Can anyone shed any light on how to identify the root cause and correct it?

Could it be a server configuration problem?
Request.Path: /WebResource.axd

Exception Message: Padding is invalid and cannot be removed.

StackTrace: at
System.Security.Cryptography.RijndaelManagedTransform.Decryp tData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

at
System.Security.Cryptography.RijndaelManagedTransform.Transf ormFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)

at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

at System.Web.Configuration.MachineKeySection.EncryptOrDecryptD ata(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)

at System.Web.UI.Page.DecryptString(String s)

at
System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpH andler.ProcessRequest(HttpContext
context)

at
System.Web.HttpApplication.CallHandlerExecutionStep.System.W eb.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

InnerException:

CurrentExecutionFilePath: /WebResource.axd

--

AG
Email: discussATadhdataDOTcom

RE: Exception - Padding is Invalid

a webresource request has encrypted parameters (assembly name, and resource
id) so a user canot just randomly pluck out resources values (such as a
connect string). after encryption, the parameters are convereted to base64 to
make the strings url safe. due to base64's algrothrym a the string length is
always a mutilpe of three. to get this padding is added.

the error message means the parameter string was truncated (or has illegal
charaters) and does not match the url rendered. this is usally caused by a
proxy server that truncates the url because it too long, or performs some
other translation.

you would to run network traces to see if your end or the other end is
causing the problem.

-- bruce (sqlwork.com)


"AG" wrote:

> I occassionally get the following exception from an ASP.NET 2.0 Web
> Application running on a shared web host.
>
> I have no way of knowing what the actual request page was as it never
> happens when I visit the site. The exception is trapped in the
> Application_Error event of global.asax and emailed to me.
>
> The only encryption in the app is the connectionStrings section of
> web.config.
>
> There is no localization in use.
>
> Can anyone shed any light on how to identify the root cause and correct it?
>
> Could it be a server configuration problem?
> Request.Path: /WebResource.axd
>
> Exception Message: Padding is invalid and cannot be removed.
>
> StackTrace: at
> System.Security.Cryptography.RijndaelManagedTransform.Decryp tData(Byte[]
> inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
> Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
>
> at
> System.Security.Cryptography.RijndaelManagedTransform.Transf ormFinalBlock(Byte[]
> inputBuffer, Int32 inputOffset, Int32 inputCount)
>
> at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
>
> at System.Web.Configuration.MachineKeySection.EncryptOrDecryptD ata(Boolean
> fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
> useValidationSymAlgo)
>
> at System.Web.UI.Page.DecryptString(String s)
>
> at
> System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpH andler.ProcessRequest(HttpContext
> context)
>
> at
> System.Web.HttpApplication.CallHandlerExecutionStep.System.W eb.HttpApplication.IExecutionStep.Execute()
>
> at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously)
>
> InnerException:
>
> CurrentExecutionFilePath: /WebResource.axd
>
> --
>
> AG
> Email: discussATadhdataDOTcom
>
>
>

Re: Exception - Padding is Invalid

Thanks Bruce,

Since I can't run any network traces, it sounds like I have to just ignore
it, unless it becomes more frequent.

--

AG
Email: discussATadhdataDOTcom

"bruce barker" wrote in message
news:798CE899-8322-473E-84D7-233DFBF72B9A@microsoft.com...
>a webresource request has encrypted parameters (assembly name, and resource
> id) so a user canot just randomly pluck out resources values (such as a
> connect string). after encryption, the parameters are convereted to base64
> to
> make the strings url safe. due to base64's algrothrym a the string length
> is
> always a mutilpe of three. to get this padding is added.
>
> the error message means the parameter string was truncated (or has illegal
> charaters) and does not match the url rendered. this is usally caused by a
> proxy server that truncates the url because it too long, or performs some
> other translation.
>
> you would to run network traces to see if your end or the other end is
> causing the problem.
>
> -- bruce (sqlwork.com)
>
>
> "AG" wrote:
>
>> I occassionally get the following exception from an ASP.NET 2.0 Web
>> Application running on a shared web host.
>>
>> I have no way of knowing what the actual request page was as it never
>> happens when I visit the site. The exception is trapped in the
>> Application_Error event of global.asax and emailed to me.
>>
>> The only encryption in the app is the connectionStrings section of
>> web.config.
>>
>> There is no localization in use.
>>
>> Can anyone shed any light on how to identify the root cause and correct
>> it?
>>
>> Could it be a server configuration problem?
>> Request.Path: /WebResource.axd
>>
>> Exception Message: Padding is invalid and cannot be removed.
>>
>> StackTrace: at
>> System.Security.Cryptography.RijndaelManagedTransform.Decryp tData(Byte[]
>> inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
>> Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
>>
>> at
>> System.Security.Cryptography.RijndaelManagedTransform.Transf ormFinalBlock(Byte[]
>> inputBuffer, Int32 inputOffset, Int32 inputCount)
>>
>> at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
>>
>> at
>> System.Web.Configuration.MachineKeySection.EncryptOrDecryptD ata(Boolean
>> fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
>> useValidationSymAlgo)
>>
>> at System.Web.UI.Page.DecryptString(String s)
>>
>> at
>> System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpH andler.ProcessRequest(HttpContext
>> context)
>>
>> at
>> System.Web.HttpApplication.CallHandlerExecutionStep.System.W eb.HttpApplication.IExecutionStep.Execute()
>>
>> at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
>> completedSynchronously)
>>
>> InnerException:
>>
>> CurrentExecutionFilePath: /WebResource.axd
>>
>> --
>>
>> AG
>> Email: discussATadhdataDOTcom
>>
>>
>>

Re: Exception - Padding is Invalid

Hi AG,

As for the WebResource.axd, it use machinekey to encrypt the
assembly/resource item parameters. by default, the machinekey of a .NET
application is randomly generated. Thus, if you're using webfarm or your
application will frequently restart due to some reason, you'll likely to
get such invalid exception when a former generated encryption parameter is
passed to webresource.axd.

One thing you can try is manually supply a fixed machinekey for your
ASP.NET application to see whether it helps:

#Getting CryptographicException exception "Padding is invalid and cannot be
removed" after Migrating to ASP.NET 2.0
http://blogs.msdn.com/paraga/rss_tag_ASP.NET+2.0.xml

#ASP.Net¡¯s WebResource.axd and machineKey badness
http://blog.aproductofsociety.org/?p=11

The machinekey has many other impacts on ASP.NET services, here is a good
article mentioned them:

#How To: Configure MachineKey in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998288.aspx

Hope this also helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/de fault.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx .

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
>Reply-To: "AG"
>From: "AG"
>References:
<798CE899-8322-473E-84D7-233DFBF72B9A@microsoft.com>
>Subject: Re: Exception - Padding is Invalid
>Date: Wed, 9 Jan 2008 21:05:12 -0500
>
>Thanks Bruce,
>
>Since I can't run any network traces, it sounds like I have to just ignore
>it, unless it becomes more frequent.
>
>--
>
>AG
>Email: discussATadhdataDOTcom
>
>"bruce barker" wrote in message
>news:798CE899-8322-473E-84D7-233DFBF72B9A@microsoft.com...
>>a webresource request has encrypted parameters (assembly name, and
resource
>> id) so a user canot just randomly pluck out resources values (such as a
>> connect string). after encryption, the parameters are convereted to
base64
>> to
>> make the strings url safe. due to base64's algrothrym a the string
length
>> is
>> always a mutilpe of three. to get this padding is added.
>>
>> the error message means the parameter string was truncated (or has
illegal
>> charaters) and does not match the url rendered. this is usally caused by
a
>> proxy server that truncates the url because it too long, or performs some
>> other translation.
>>
>> you would to run network traces to see if your end or the other end is
>> causing the problem.
>>
>> -- bruce (sqlwork.com)
>>
>>
>> "

Re: Exception - Padding is Invalid

Thanks Steven, I will try that.

--

AG
Email: discussATadhdataDOTcom
"Steven Cheng[MSFT]" wrote in message
news:KD0k5czUIHA.360@TK2MSFTNGHUB02.phx.gbl...
> Hi AG,
>
> As for the WebResource.axd, it use machinekey to encrypt the
> assembly/resource item parameters. by default, the machinekey of a .NET
> application is randomly generated. Thus, if you're using webfarm or your
> application will frequently restart due to some reason, you'll likely to
> get such invalid exception when a former generated encryption parameter is
> passed to webresource.axd.
>
> One thing you can try is manually supply a fixed machinekey for your
> ASP.NET application to see whether it helps:
>
> #Getting CryptographicException exception "Padding is invalid and cannot
> be
> removed" after Migrating to ASP.NET 2.0
> http://blogs.msdn.com/paraga/rss_tag_ASP.NET+2.0.xml
>
> #ASP.Net¡¯s WebResource.axd and machineKey badness
> http://blog.aproductofsociety.org/?p=11
>
> The machinekey has many other impacts on ASP.NET services, here is a good
> article mentioned them:
>
> #How To: Configure MachineKey in ASP.NET 2.0
> http://msdn2.microsoft.com/en-us/library/ms998288.aspx
>
> Hope this also helps.
>
> Sincerely,
>
> Steven Cheng
>
> Microsoft MSDN Online Support Lead
>
>
>
> ==================================================
>
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscriptions/managednewsgroups/de fault.aspx#notif
> ications.
>
>
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscriptions/support/default.aspx .
>
> ==================================================
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>
> --------------------
>>Reply-To: "AG"
>>From: "AG"
>>References:
> <798CE899-8322-473E-84D7-233DFBF72B9A@microsoft.com>
>>Subject: Re: Exception - Padding is Invalid
>>Date: Wed, 9 Jan 2008 21:05:12 -0500
>>
>>Thanks Bruce,
>>
>>Since I can't run any network traces, it sounds like I have to just ignore
>>it, unless it becomes more frequent.
>>
>>--
>>
>>AG
>>Email: discussATadhdataDOTcom
>>
>>"bruce barker" wrote in message
>>news:798CE899-8322-473E-84D7-233DFBF72B9A@microsoft.com...
>>>a webresource request has encrypted parameters (assembly name, and
> resource
>>> id) so a user canot just randomly pluck out resources values (such as a
>>> connect string). after encryption, the parameters are convereted to
> base64
>>> to
>>> make the strings url safe. due to base64's algrothrym a the string
> length
>>> is
>>> always a mutilpe of three. to get this padding is added.
>>>
>>> the error message means the parameter string was truncated (or has
> illegal
>>> charaters) and does not match the url rendered. this is usally caused by
> a
>>> proxy server that truncates the url because it too long, or performs
>>> some
>>> other translation.
>>>
>>> you would to run network traces to see if your end or the other end is
>>> causing the problem.
>>>
>>> -- bruce (sqlwork.com)
>>>
>>>
>>> "
>

Re: Exception - Padding is Invalid

Thanks for your reply,

If you got any new results, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Reply-To: "AG"
>From: "AG"
>Subject: Re: Exception - Padding is Invalid
>Date: Thu, 10 Jan 2008 07:54:29 -0500
>Thanks Steven, I will try that.
>
>
>AG
>Email: discussATadhdataDOTcom
>"Steven Cheng[MSFT]" wrote in message
>news:KD0k5czUIHA.360@TK2MSFTNGHUB02.phx.gbl...
>> Hi AG,
>>
>> As for the WebResource.axd, it use machinekey to encrypt the
>> assembly/resource item parameters. by default, the machinekey of a .NET
>> application is randomly generated. Thus, if you're using webfarm or your
>> application will frequently restart due to some reason, you'll likely to
>> get such invalid exception when a former generated encryption parameter
is
>> passed to webresource.axd.
>>
>> One thing you can try is manually supply a fixed machinekey for your
>> ASP.NET application to see whether it helps:
>>
>> #Getting CryptographicException exception "Padding is invalid and cannot
>> be
>> removed" after Migrating to ASP.NET 2.0
>> http://blogs.msdn.com/paraga/rss_tag_ASP.NET+2.0.xml
>>
>> #ASP.Net¡¯s WebResource.axd and machineKey badness
>> http://blog.aproductofsociety.org/?p=11
>>
>> The machinekey has many other impacts on ASP.NET services, here is a good
>> article mentioned them:
>>
>> #How To: Configure MachineKey in ASP.NET 2.0
>> http://msdn2.microsoft.com/en-us/library/ms998288.aspx
>>
>> Hope this also helps.
>>
>> Sincerely,
>>
>> Steven Cheng
>>
>> Microsoft MSDN Online Support Lead
>>
>>
>>
>> ==================================================
>>
>> Get notification to my posts through email? Please refer to
>>
http://msdn.microsoft.com/subscriptions/managednewsgroups/de fault.aspx#notif
>> ications.
>>
>>
>>
>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
>> where an initial response from the community or a Microsoft Support
>> Engineer within 1 business day is acceptable. Please note that each
follow
>> up response may take approximately 2 business days as the support
>> professional working with you may need further investigation to reach the
>> most efficient resolution. The offering is not appropriate for situations
>> that require urgent, real-time or phone-based interactions or complex
>> project analysis and dump analysis issues. Issues of this nature are best
>> handled working with a dedicated Microsoft Support Engineer by contacting
>> Microsoft Customer Support Services (CSS) at
>> http://msdn.microsoft.com/subscriptions/support/default.aspx .
>>
>> ==================================================
>>
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>