Solved

"Padding is invalid" error message

Posted on 2007-12-03
3
1,077 Views
Last Modified: 2010-04-21
We are hosting two copies of the same application on the same server in IIS.  Each copy is set up in IIS with a virtual directory and separate application pools, and use NT authentication security.  The two versions have different web.config configurations to enable testing of a read-only and editable version of a .net web based application.  When you move between the two applications in the same IE window the following error is produced on the second site you visit:

Padding is invalid and cannot be removed.
   at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
   at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
   at Security.GetAuthTicket()
   at Security.IsUserAuthenticated(String ConnectionString)
   at _Default.Page_Load(Object sender, EventArgs e)
   at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
   at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

The problem usually goes away if you logout of one site and then navigate to the other, or open the second site in a new IE window, but entering the URL of the second site whilst logged into the first produces the above error.

The only method that uses the Decrypt method is as follows, however there is no error location in the above error:

    public static FormsAuthenticationTicket GetAuthTicket()
    {
        // Extract the forms authentication cookie
        string zpCookieName = FormsAuthentication.FormsCookieName;
        HttpCookie opAuthCookie = HttpContext.Current.Request.Cookies[zpCookieName];

        if (opAuthCookie == null)
        {
            // There is no authentication cookie.
            return null;
        }

        FormsAuthenticationTicket opAuthTicket = null;

        opAuthTicket = FormsAuthentication.Decrypt(opAuthCookie.Value);

        if (opAuthTicket == null)
        {
            // Cookie failed to decrypt.
            throw new Exception("Could not decrypt authentication ticket");
        }
        else
        {
            return opAuthTicket;
        }
    }
0
Comment
Question by:SamDorling
  • 2
3 Comments
 
LVL 29

Accepted Solution

by:
Göran Andersson earned 500 total points
ID: 20394553
The problem is that the applications have the same domain name, so they share the cookies. Specify the path when you create the cookies, so that each cookie is local to the directory.
ticket.Path = Request.Path.Substring(0, Request.Path.LastIndexOf('/'));

Open in new window

0
 
LVL 1

Author Closing Comment

by:SamDorling
ID: 31427346
Thanks for the prompt response, GreenGhost.  Setting the ".Path" property of the Cookie object did fix our problem.

Just as a side-note, we did also append a forward slash to the end of the "Path" property, e.g. our two virtual directories were:

http://ServerName/Application
http://ServerName/ApplicationReadOnly

Switching from the "ApplicationReadOnly" to "Application" still produced the "Padding is invalid" message, and it seemed to be because "/Application" partially matches "/ApplicationReadOnly", so by adding a forward slash to the end of the ".Path" property, the name is completely unique.  This seemed a bit strange, but must be some sort of security feature for cookies.
0
 
LVL 29

Expert Comment

by:Göran Andersson
ID: 20395044
I see. Then it seems that the path is matched against the requested url without parsing the separete folders. This is probably not very common knowledge, as this is the example code for the HttpCookie.Path property in MSDN Library:

MyCookie.Path = "/asp";

That code would have the same potential problem as you are describing.

As a side not to the side note ;)
You could just leave the slash, instead of excluding it and adding another:

ticket.Path = Request.Path.Substring(0, Request.Path.LastIndexOf('/') + 1);
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now