Padding is invalid and cannot be removed.

  • Thread starter Thread starter Amelyan
  • Start date Start date
A

Amelyan

Why does this happen? How to fix it?

Once in a while I get error in ~/ScriptResource.axd?d=...

System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. --->
System.Security.Cryptography.CryptographicException: Padding is invalid and
cannot be removed.

at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)

at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)

at System.Web.UI.Page.DecryptString(String s)

--- End of inner exception stack trace ---

at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[]
arguments, SignatureStruct& sig, MethodAttributes methodAttributes,
RuntimeTypeHandle typeOwner)

at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[]
arguments, Signature sig, MethodAttributes methodAttributes,
RuntimeTypeHandle typeOwner)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean
skipVisibilityChecks)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)

at System.Web.Handlers.ScriptResourceHandler.DecryptString(String s)

at
System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection
queryString)

at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext
context)

at
System.Web.Handlers.ScriptResourceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext
context)

at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)
 
to keep hacker from arbitrarily accessing resource string, the access
strings are encrypted and converted to base64 to produce a url to access
the resource value. the error means the url parameters are not valid.
check the iis logs to see what the values sent are. perhaps truncation
is occurring.

-- bruce (sqlwork.com)
 
This is also happening to normal users not hacking the website. Is this a
bug in ASP.NET?


bruce barker said:
to keep hacker from arbitrarily accessing resource string, the access
strings are encrypted and converted to base64 to produce a url to access
the resource value. the error means the url parameters are not valid.
check the iis logs to see what the values sent are. perhaps truncation is
occurring.

-- bruce (sqlwork.com)
Why does this happen? How to fix it?

Once in a while I get error in ~/ScriptResource.axd?d=...

System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. --->
System.Security.Cryptography.CryptographicException: Padding is invalid
and
cannot be removed.

at
System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)

at
System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)

at System.Security.Cryptography.CryptoStream.FlushFinalBlock()

at
System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean
fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean
useValidationSymAlgo)

at System.Web.UI.Page.DecryptString(String s)

--- End of inner exception stack trace ---

at System.RuntimeMethodHandle._InvokeMethodFast(Object target,
Object[]
arguments, SignatureStruct& sig, MethodAttributes methodAttributes,
RuntimeTypeHandle typeOwner)

at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[]
arguments, Signature sig, MethodAttributes methodAttributes,
RuntimeTypeHandle typeOwner)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture,
Boolean
skipVisibilityChecks)

at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

at System.Reflection.MethodBase.Invoke(Object obj, Object[]
parameters)

at System.Web.Handlers.ScriptResourceHandler.DecryptString(String s)

at
System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection
queryString)

at
System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext
context)

at
System.Web.Handlers.ScriptResourceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext
context)

at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean&
completedSynchronously)
 
Back
Top