Padding is invalid and cannot be removed

  • Thread starter Thread starter rdlauer
  • Start date Start date
R

rdlauer

For some time now we've been seeing seemingly random errors thrown by
an application "Padding is invalid and cannot be removed". Everything
I've read about this online suggests that the machine key is different
between two load-balanced servers, but this application is running on
just one server. The other odd thing is that the errors come in
groups. Over a short period of time (5 minutes or so) many different
users will hit this error over said time period, but after that, the
app works fine again. I assume it is trying to decrypt the ViewState
or something but we're not doing any explicit encryption in the app.
Here is the error detail, any help would be appreciated!

Error Message: Padding is invalid and cannot be removed.

Source: mscorlib

Stack Trace: at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]&
outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean
fLast) at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount) at
System.Security.Cryptography.CryptoStream.FlushFinalBlock() at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length,
Boolean useValidationSymAlgo) at
System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
 
after encryption the data is converted to base64. to decrypt the base64
string must be converted to binary. as base64 strings are built from
3-byte input, and the encoded data length must be a multiple of 4
padding must be used in some cases.

the error you are receiving means the length of the base64 string is not
correct, that is, somehow the browser is truncating the string. if this
is viewstate and its over 1K-2k, some proxy servers will truncate it.
you could also have some charset translation issues. you should get some
network traces to see what is going on.

-- bruce (sqlwork.com)
 
Back
Top