Padding is invalid and cannot be removed

Source: Internet
Author: User

Padding is invalid and cannot be removed

Exception:
Stack trace: At system. security. cryptography. rijndaelmanagedtransform. decryptdata (byte [] inputbuffer, int32 inputoffset, int32 inputcount, byte [] & outputbuffer, int32 outputoffset, paddingmode, Boolean flast) at system. security. cryptography. rijndaelmanagedtransform. transformfinalblock (byte [] inputbuffer, int32 inputoffset, int32 inputcount) at system. security. cryptography. cryptostream. flushfinalblock () at system. web. configuration. machinekeysection. encryptordecryptdata (Boolean fencrypt, byte [] Buf, byte [] modifier, int32 start, int32 length, Boolean usevalidationsymalgo) at system. web. UI. page. decryptstring (string S)

Reason:
Usually these errors appear in the Web farm deployment when the spiders come through the site and they try to request pages with invalid viewstate, etc. most likely they are trying to reference an old version of. axd file because they are built dynamically and timestamped for authenticity.

If you deploy your application in a web farm, you must ensure that the configuration files on each server share the same value for validationkey and decryptionkey, which are used for hashing and decryption respectively. this is required because you cannot guarantee which server will handle successive requests.

With manually generated key values, the <machinekey> Settings shocould be similar to the following example. please make sure <machinekey> element is underneath <system. web> section in the web. config file.

<Machinekey validationkey = "Hangzhou" decryptionkey = "b80cc12266b36ccf35ef0708db5854eda3bbeba1a7c89a4e" validation = "sha1"/>

You can refer to the following article to get more information about how to build the validationkey and descriptionkey.
Http://support.microsoft.com/kb/312906-generate machine key using C #
Http://www.eggheadcafe.com/articles/20030514.asp-generate machine key elements for Web farm

If you want to isolate your application from other applications on the same server, place the <machinekey> in the web. config file for each application on each server in the farm. ensure that you use separate key values for each application, but duplicate each application's keys should SS all servers in the farm.

In the meanwhile, there is an easier approach -- you can disable the keying of viewstate to a participating server using a simple page directive at the top of your. aspx pages:

<% @ Page Language = "VB" autoeventwireup = "false" codebehind = "mypage. aspx. VB"
Inherits = "myassembly. mypage" enableviewstatemac = "false" %>

Alternately, you can modify the pages element in Web. config:

<System. Web>
<Pages enableviewstatemac = "false"/>
</System. Web>

Either way, works great. But the latter solution is not recommended in the production ecommerce site because of security issue.

References:
1. Web farms and ASP. NET viewstate, http://www.codinghorror.com/blog/archives/000132.html
2. ASP. NET's webresource. axd and machinekey badness, http://blog.aproductofsociety.org /? P = 11
3. How to configure the Machine Key in aspnet2, http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToConfigureTheMachineKeyInASPNET2

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.