We have a cookie management library that writes a cookie containing some sensitive information, encrypted with Rijndael. The cookie encrypts and decrypts fine in unit tests (using Moq), works fine for MVC web applications, but when called from an ASP.net 2.0 website, the cookie cannot be decrypted. "Padding is invalid and cannot be removed."
We are sure that the cookie value is valid because we tested it 10,000 times with random data in a unit test. There is something about what ASP.NET 2.0 does when it reads and writes the cookie that causes trouble.
I have all application errors sent to my email. I keep getting this:
mysite.com/webresource.axd?d=yacsx7hz0irzn_i7ifr3morrek9u6srdkqxsjvpn3mw1&t=633598204507656250 Padding is invalid and cannot be removed.
[Exception Info]
Stack Trace: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() [code]....
i googled and read to add machineKey in my web.config <system.web> which i did: <machineKey validationKey='0EFA95136AEA44850D5CEDDF0CC7502B1A009.....' decryptionKey='E88EB13ADB2C3D395193AA71DBB1E...' validation='SHA1'/>
and added <pages masterPageFile enableViewStateMac="true" viewStateEncryptionMode="Auto"> to my masterpage.But i keep getting that error.
I am using following code to encrypt and decrypt files. It works fine in windows application but shows an error in asp.net class. It's using Riijandael method.
Error : padding is invalid and cannot be removed
Code:Public Sub EncryptOrDecryptFile(ByVal strInputFile As String, _ ByVal strOutputFile As String, _ ) [code]....
Since installing the security patch for the ASP.NET Oracle Padding vunerability any user that was keeping themselves logged in to our site is getting error messages when hitting any page.
With custom errors switched off a user sees the following information
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.]
We (out IT partner really) recently changed some DNS for a web farmed site we have so that the two production server have round-robin DNS switching between the two. Prior to this switch we didn't really have problems with WebResource.axd files. Since the switch, when we hit the live public URL, we get an error:
CryptographicException
Padding is invalid and cannot be removed.
When we hit the specific servers themselves, they load fine. I've researched the issue and it seems since they're sharing assets between two servers, we need to have a consistent machineKey in the web.config for each server so they can encrypt and decrypt consistently between the two. My questions are:
Can I generate a machineKey via a tool on the server, or do I need to write code to do this?
Do I just need to add the machineKey to the web.config on each server or do you think I'll need to do anything else to make the two server work together? (Both web.config's currently do not have a machineKey)
I'm using the ChangePassword method of membership provider to change the password and one of the requirement before calling the ChangePassword is to retrieve the current password. But I'm getting error:
I'm getting the following error in our QA environment but only through the IIS7 reverse proxy. If I hit the application server directly it works fine. In our DEV environment it works fine through the proxy or directly.
I'm not really sure where to go with this, Server Error in '/' Application.
Padding is invalid and cannot be removed.
Description: An unhandled exception occurred during the execution of the current web request.
Exception Details: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
Source Error:An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:[CryptographicException: Padding is invalid and cannot be removed.] System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, [code].... Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.4927
We're getting this InternalSubStringWithChecks exception with our application's healthMonitoring. This exception is like the Padding is invalid and cannot be removed exception where it's being recorded and we're getting a notification email but the end user is unaware that an actual error has happened. Though we don't want our event log filled up with this rubbish! The stack trace is:
Parameter name: length at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy) at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest [code]...
I am busy building a shopping cart with cookies. I have datalist which I populate from the cookies with a delete button next to each cookie
[Code]....
Now the problem is that when I hit the delete / remove button to expire the cookie, what happens when repopulating the datalist is that it shows the original cookie with all it's values as well as a new entry where all the values are blank.
I want to change the value in a cookie: HttpCookie hc = new HttpCookie("HiddenColumns"); hc.Value = customView.HiddenFields; hc.Expires = DateTime.Now.AddDays(365); Response.SetCookie(hc);
I'm trying to use a webservice that first expects the clients to login, to retrieve a cookie to re-use. This is done through a login(string user, string pass) method on the webservice.
Doing this through a browser works fine, we get a cookie, and we can see the cookie via Fiddler or whatvever proxysniff thingy.
Time to do the same in ASP.Net, so we use the WSDL and generate a nice proxy class, and it works fine to call the login() method, but Never Ever does a cookie get set !
I already used the "cookiejar" technique - which means i create an instance of a CookieContainer and assign it to the proxyclass like this;
I am a bit baffled here; using IE7, ASP.NET 2.0 and Cassini (the VS built-in web server; although the same thing seems to be true for "real" applications deployed in IIS) I am looking for the session-id-cookie. My test page shows a session id (by printing out Session.SessionId) and Response.Cookies.Keys contains ASP.NET_SessionId. So far so good.
But I cannot find the cookie in IEs cookie-store! Nor does "remove all cookies" reset the session (as it does in FF)... So where - I am tempted to write that four letter word - does IE store that bloody cookie? Or am I missing something? By the way there is no hidden field with a session id either, as far as I can see. If I check in FF there is a cookie called ASP.NET_SessionId as I would expect. And as mentioned above deleting that cookie does start a new session; as I would expect.
I don't know how strong the support of RadControls over here is, but it can't be worse than Telerik(there I'm lucky to get a response in 2-3 days), so I'm going to try here first.
Basically, I'm trying to do custom theming(using just CSS classes) throughout my application, so I tried setting the CSS classes needed on the telerik RadTab controls.
Well, when inspecting it in firebug, it adds an extra like 50 px of padding to each tab, which there seems to be no control over. This is their rendered markup
<li class="rtsLI rtsFirst"> <a href="#" class="rtsLink ui-state-default"> <!--This is the only place where I can put in my own custom CSS class--> <span class="rtsOut"> <span class="rtsIn"> <span class="rtsTxt"> Common Application </span> </span> </span> </a> </li>
Now, I know you can't see the style classes, but according to Firebug, every class prefixed with "rts" has the line padding-left: 9px in the style sheet which would of course explain the extra padding problem. (Why do they need all this nesting anyway?!)
I have a simple validator that should check if the the date format is incorrect. I am doing testing and enter 2/14/201... which gets passed through my validator as 2/14/0201. How do I prevent this and jump to e.IsValid = false;?
I'm using a skin file, and within the skin, I'm applying all the settings using CSS. I've got most parts working, but how do I set 'CellPadding="1" CellSpacing="3"' using CSS?
I need to change padding for one column in ASP.NET GridView, while all other CSS atributes defined in external CSS file should be left untouched. How can I do it? Update: Below is my code that solved the problem:
to provide a link to documents held in directory so directory contains [URL] or [URL] Agenda contains
00209-FebruaryMtgMin%5E_.pdf
If I declare Directory as VarChar(nnn) where nnn is large enough to accomodate the longer field, The statement <%# Eval("Directory")+eval("Agenda")%> returns
